Cybersecurity Awareness: A Critical Piece of the Security Puzzle

Originally posted via my column with CompTIA: https://certification.comptia.org/it-career-news/post/view/2019/05/06/cybersecurity-awareness-a-critical-piece-of-the-security-puzzle

In a digitally transformed workplace, there’s a tendency to focus on next-gen malware prevention, network monitoring tools and other high-tech solutions to stave off a cyberattack. But these aren’t always the most important methods of preventing security incidents – at least not on their own. It’s the …


The Why and How of Talking Tech with the Board: 3 Strategies to Help Them “Get” Cybersecurity

Nobody wants their enterprise to be the victim of the next big data breach. For chief information security officers (CISOs) and others who eat, breathe and sleep technology, the solutions seem obvious; there are, after all, not many times, waking or sleeping, that we’re not thinking cybersecurity best practices. But there’s a hidden danger to …


How to engage with the C-Suite on cyber risk management, part 4

Creating metrics to indicate risk. In part 3 of our metrics series, we discussed how KRIs help identify risks while KPIs help us measure them. In this, our final article in the series, we’ll build on this knowledge to create metrics based on our four-stage model for qualifying risks and threats that we introduced in part 2. …


How to engage with the C-suite on cyber risk management, part 3

Understanding KPIs and KRIs. In the first and second parts of our series on engaging with boards on cyber risk management, we explained what today’s boards needed to know about security. In this article, we’ll deep dive into some of the metrics associated with our four-step methodology for qualifying threats and prioritising risk (see details in part 2). The ultimate …


How to engage with the C-suite on cyber risk management, part 2

In Part 1 of this series on delivering meaningful metrics to boards, I talked about the need to discuss security risks in ways that relate to board concerns. Many CISOs are reporting the wrong metrics to boards — for example, a malware platform supposedly finding 333 million malware alerts or 234,333 wrong password entries. Without context …


How to engage with the C-Suite on cyber risk management

Enron changed the world of finance and the energy industry forever, and the early days of the Equifax hack look as though this breach could change the face of the credit industry and cybersecurity forever. That a single company could amass so much financial information on an individual and be as poorly defended as it …
