If Not Now, When? If Not Us, Who? – “Tackling The Great Minority Cyber Divide”
In a November 2014 article, Lowell McAdam the CEO of Verizon made the following very bold public statement, “It’s Wrong That in a Room of 25 Engineers, Only 3 Are…
CISO Insights
Back to Vendor ListingsThe Importance of Privacy
Security and Privacy are essential in today’s digital economy. 2014 was a year of large-scale security and privacy breaches, leaving everyone asking themselves how much should we trust companies with…
The Question of the Questions
Incessant questioning can reduce the best thinking to no more than a background chorus of “Are we there yet?” But there are still some things that have to be asked.…
What’s Different About the Sony Hack… And What’s Not?
Sony, Sony, Sony. Do you even realize what has just happened to you? Can you even comprehend the ripple effect this event will have not just on your industry, but everywhere?…
GRC Debunker
(UPDATED) CISO’s and their teams are not just producers of risk analyses and assessments. We are also consumers of them. They come from many sources. The main four are: Responses from…
For Whom the Bell Curve Tolls
People prefer to choose the groups they are in. Even before social media exploited that, there were fan clubs, fraternities, sororities, and many different kinds of groups that people associated…
From the War Room to the Boardroom – The True Elevation of the CISO
In the aftermath of the Target breach, there has been a lot of press on the need for a Chief Information Security Officer (CISO) in the boardroom. The Wall Street…
Walking the Security Tightrope
Some 38 years ago, I started working for the systems group at CUCCA (Columbia Center for Computing Activities). I was fresh out of engineering school (Columbia, by coincidence) and a…
Take the Test: Are You Ready to Tame Your Vendor Security Risk Monster?
How do you measure how mature your vendor security risk assessment program is? How do you measure your ability to lead or develop such a program? Would it be safe…
Application Security – Redux
When you’re on a roll, ride it out. I’ve been on the “Redux” train for a couple of days. I usually do this when I review our security architecture initiatives…