Balancing what we’d like to do from the pure security control perspective with the need to align solutions with the business is a recurring theme in my book, Rational Cybersecurity for Business. The actual book is publishing very soon –…
Where Should the CISO Report?
When the CISO doesn’t report at the right level of an organization, misalignment between security, IT, the business, and the larger public ecosystems it serves will surely result. Such misalignment often leads to dire consequences, increasing the chance of breaches…
How to Define Security for Your Business
Could it be that a simple misunderstanding of what cybersecurity means is creating much of the disconnect between business and security leaders that often makes security programs ineffective? According to one security leader who’s worked as a Chief Information Security…
Fifty Keys to Cybersecurity-Business Alignment
My book, Rational Cybersecurity for Business: The Security Leader’s Guide to Business Alignment contains 50 Keys to Alignment that accentuate the guidance. I’m writing about these keys in a “50 keys” blog series. This page conveniently summarizes all the keys…
Don’t Press Pause on Security Architecture During the COVID-19 Shutdown
As the “COVID-19 shutdown” pushes businesses into what I call “forced digitalization” – with everyone teleworking – it could be easy for IT and security professionals to become all-consumed by basic operational issues. Just keeping the Virtual Private Networks (VPNs)…
How to Reduce Third Party Access Risk (Webcast)
Do you think your organization should be doing something differently to control third party access risk? If so, please register for my webcast on April 16!
Waking Up to Cybersecurity’s New COVID-19 Reality
The COVID-19 pandemic is creating emergent risks and cybersecurity challenges. Chief Information Security Officers (CISOs) and other security organization leaders are on the firing line, finding themselves responsible for everything from remote access security to business continuity management (BCM) to…
Place Information Risk Accountability at the Right Level
Too often, information risk accountability isn’t at the right level due to poor alignment between security and business leaders. It’s time to transform the way we communicate risk to the business. When the security program struggles with an issue, bring…
Rational Cybersecurity at RSA: The Human Element
“We need to change our cyber security story from one of technical conflict – with business leaders on the sidelines – to one with users and the business as central characters.” As the author of the upcoming book…
How to Assess Security Maturity and Make Improvements
Security maturity matters: You wouldn’t ask a small child to ride a bike without training wheels, or later to drive a car before his little legs could reach the brake pedal. But all too often, the public assumes organizations can…