Engaging the Board on Cybersecurity
Corporate Boards of Directors (BOD) may soon be required to disclose their level of cybersecurity expertise. The recently-introduced Cybersecurity Disclosure Act (S.2410) would direct the SEC to work out the details of making publicly-traded companies “comply or… Continue reading
Security Governance Review
The Challenge: CIOs, CISOs and other security department leaders or sponsors face multifaceted security challenges. Business transformation, disruptive IT changes, a worsening threat landscape and regulatory issues have all put tremendous pressure on IT, IT security, risk, compliance… Continue reading
Are you Ready for the Golden Shovel?
Don’t wait for a major security scare at your organization to deliver a “golden shovel.” Have your plan ready to make the most of any teachable moments as well as increases in funding.
Source: Educause Presentation
Security Architects… Continue reading
Where Should the CISO Report in the Organization?
Where the CISO should report is probably one of those questions we security professionals will be asking until the end of eternity. We’ll finesse the subject of titles for the security leader, which also vary, and just get started.
The… Continue reading
Mitigate Common Attack Paths at the Core
Last week I wrote that encryption probably wouldn’t have prevented the Anthem breach. The details of that attack haven’t been released, but I found some CSO Online’s analysis that pieces together how it may have… Continue reading
Security Governance 101 Webinar Recording Posted
WEBINAR DESCRIPTION
Security Governance 101: Choosing Models and Structures
Even on technical consulting engagements, Security Architects Partners often finds that a security governance issue is at the root of the problem we were brought in to solve. Therefore, we’ve developed… Continue reading
Five Essential Questions for Matrix Security Governance
Previously on Security Architect, Security Governance (Part 2): Operating the Matrix. There, I summarized what line of business security groups, Group IT ISO, and executive committees for risk, audit and compliance actually do. Based on our experience… Continue reading
Security Governance (Part 2): Operating the Matrix
At the root of many consulting engagements we find a security governance problem. Last week, in Part 1 of this series, I described the centralized, decentralized and matrixed primitives of security governance. I published the matrixed security governance… Continue reading
Security Governance Models and Structures
At the root of most consulting engagements we often find a security governance problem. Therefore, we decided to devote some of Security Architects Partners’ next several posts to this Eternal Question: How to govern enterprise security? Should governance be centralized?… Continue reading
After the Breach (Part 2): Cyber-Insurance?
APTs and cybercriminals are in the news again with more end-of-2014 breach statistics emerging from the analysts. Here’s an update of my After the Breach (Part 1) post with links to some of the latest information, and a new… Continue reading