CISO Suite

What is the State of Your Union?

Regularly the President of the United States delivers the State of the Union address. This practice "fulfills rules in Article II, Section 3 of the U.S. Constitution, requiring the President to periodically give Congress information on the 'state of the union' and recommend any measures that he believes are necessary and expedient." What if you as an information security leader held an...

7 Things To Consider When Creating An Acceptable Use Policy

If you have read any of my posts or attended my webinars about security awareness, training, compliance, or other IT risk management items, you will notice a recurring theme: expecting technology to do all of the work in preventing a security or risk-related event is not the correct mindset. Rather, creating a culture of risk …

The Rise of Cloud-based Services Fuels Demand for Managed VPNs

The growing popularity of cloud services coupled with security concerns is driving demand for managed VPNs. In particular, the success of public cloud services is gradually encouraging more enterprises to move away from conventional remote network access methods in favor of cloud-based remote access. Providing remote access via the public cloud brings organizations multiple advantages including...

Global Cybersecurity Standards … Another Plea

“The Editor’s Letter,” in the May 2017 issue of the Communications of the ACM (CACM) by Moshe Y. Vardi is about “Cyber Insecurity and Cyber Libertarianism.” The column is available at https://cacm.acm.org/magazines/2017/5/216316-cyber-insecurity-and-cyber-libertarianism/fulltext# . Vardi’s column recognizes the deficiencies in cybersecurity that I’ve...

“Cyber” Is Not an Appropriate Risk Category

“Cyber” is not an appropriate category of risk. Often cited in 10-K reports, discussed by board directors and C-suite executives, and referenced by Enterprise Risk Management (ERM) or Governance, Risk and Compliance (GRC) professionals, the category merely perpetuates ambiguity and lack of understanding related to all things “cyber.” Because of this (and other reasons, of...