Since launching the Rational Cybersecurity for the Business book project to kick off the New Year, I’ve made great progress, completing more than 20 security leadership interviews, and drafts for 5 of the 10 chapters.
Rational Cybersecurity for the Business’s…
CISOs and other security leaders and their sponsors face multifaceted security challenges. Business transformation, disruptive IT changes, a worsening threat landscape, and regulatory issues have all put tremendous pressure on IT, IT security, risk, compliance, and enterprise…
Where the CISO should report is probably one of those questions we security professionals will be asking until the end of eternity. We’ll finesse the subject of titles for the security leader, which also vary, and just get started.
The…
Last week I wrote that encryption probably wouldn’t have prevented the Anthem breach. The details of that attack haven’t been released, but I found a CSO Online analysis that pieces together how it may have…
Security Governance 101: Choosing Models and Structures
Even on technical consulting engagements, Security Architects Partners often finds that a security governance issue is at the root of the problem we were brought in to solve. Therefore, we’ve developed…
Previously on Security Architect, Security Governance (Part 2): Operating the Matrix. There, I summarized what line of business security groups, Group IT ISO, and executive committees for risk, audit and compliance actually do. Based on our experience…