What is the State of Your Union?

Regularly, the President of the United States delivers the State of the Union address. This practice "fulfills rules in Article II, Section 3 of the U.S. Constitution, requiring the President to periodically give Congress information on the 'state of the union' and recommend any measures that he believes are necessary and expedient." What if you, as an information security leader, held an information security State of the Union address with the explicit purpose of educating both your leaders and business partners on your information security program and the areas of focus for the next year? Communicating to those who are not in our area is certainly a challenge; however, the benefits outweigh the effort in several different ways. By being intentional about sharing the state of your security union, you can not only deliver the status of your program but also equip your leaders with information they can quite literally share in environments that your team is not able to attend.

What should you consider including?

* Effectiveness of your program
* Opportunities to improve your program
* Communicate recent achievements
* Demonstrate stewardship of your resources
* Show how your team supported objectives...

7 Things To Consider When Creating An Acceptable Use Policy

If you have read any of my posts or attended my webinars about security awareness, training, compliance, or other IT risk management items, you will notice a recurring theme: expecting technology to do all of the work in preventing a security or risk-related event is not the correct mindset. Rather, creating a culture of risk … The post 7 Things To Consider When Creating An Acceptable Use Policy appeared first on The State of Security.

The Rise of Cloud-based Services Fuels Demand for Managed VPNs

The growing popularity of cloud services coupled with security concerns is driving demand for managed VPNs. In particular, the success of public cloud services is gradually encouraging more enterprises to move away from conventional remote network access methods in favor of cloud-based remote access. Providing remote access via the public cloud brings organizations multiple advantages including ease of management, flexibility and lower costs. However, opinions are divided over the level of security it affords. Most users of public cloud services consider security a primary benefit. Yet mistakes can and do happen, leading to high profile consequences. One aspect of cloud management technology that is not in dispute is its capacity to simplify secure VPN connectivity for large numbers of remote workers.

Security Boulevard Chats: Bond, Jane Bond w/ Chenxi Wang, Jane Bond Project

In this Security Boulevard Chat we speak with well-known security expert Chenxi Wang. Chenxi has started her own security consulting organization called the Jane Bond Project. Chenxi has a ton of experience as a security practitioner, vendor and analyst. She is also a champion for diversity in our industry! Below is the streaming

Global Cybersecurity Standards … Another Plea

“The Editor’s Letter,” in the May 2017 issue of the Communications of the ACM (CACM) by Moshe Y Vardi is about “Cyber Insecurity and Cyber Libertarianism.” The column is available at https://cacm.acm.org/magazines/2017/5/216316-cyber-insecurity-and-cyber-libertarianism/fulltext# Vardi’s column recognizes the deficiencies in cybersecurity that I’ve been harping on for years. He writes the following: “So here we are, 70 years

“Cyber” Is Not an Appropriate Risk Category

“Cyber” is not an appropriate category of risk. Often cited in 10-K reports, discussed by board directors and C-suite executives, and referenced by Enterprise Risk Management (ERM) or Governance, Risk and Compliance (GRC) professionals, the category merely perpetuates ambiguity and lack of understanding related to all things “cyber.” Because of this (and other reasons, of … The post “Cyber” Is Not an Appropriate Risk Category appeared first on The State of Security.