security policy
The Hidden Costs of Insider Threats
Much of cybersecurity policy and practice is dedicated to protecting against external threats and attacks that put networks, data, and devices at risk. Malicious incidents of hacking, phishing, and the like from ...
Cloud Security: Maintaining Least Privilege
There are four main identity risks that determine the necessity of least privilege. These include the separation of duty, dormant identities, privilege escalation, and toxic combinations ...
How Penetration Testing can help prevent Ransomware Attacks
It is hard to believe, but ransomware is more than three decades old. While many would think that the ransomware mayhem started with the WannaCry attack of 2017, that is simply the ...
Why the Security Policy is Dying
Security policies, a familiar tool of the CTO or CISO, are dying off, and I am glad to see them go. Long narrative descriptions of a top-down prescribed security policy ideal are ...
CISO Stories Podcast: Do You Know Where Your Data Is?
Today, data is everywhere as users are working remotely, storing information in the cloud, downloading to and from USB drives, and so on. William Miaoulis, CISO at Auburn University, joins the podcast ...
CISO Stories Podcast: The Nexus of Security, Privacy and Trust
Allison Miller, CISO at Reddit, discusses the challenges across stakeholders from end-users to service providers in addressing the nexus of Security, Privacy and Trust - should they be equally weighted? In what ...
CISO Stories Podcast: Five Mistakes Impacting Security and Privacy Policy Creation
Charles Cresson Wood set the ‘gold standard’ for policy guidance with the book Information Security Policies Made Easy, now in its 14th version. Wood has extensively researched what separates good processes from ...
CISO Stories Podcast: Achieving Security Buy-In – Change Approach Not Culture
We need the organization to support the cybersecurity initiatives and thus we try to influence the organization to support these goals for the protection of the organizational assets. If we are failing, ...
CISO Roundtable: Ransomware Attacks and the True Cost to Business
A recent global research report conducted by Cybereason, titled Ransomware: The True Cost to Business, revealed that the vast majority of organizations that have suffered a ransomware attack have experienced significant impact ...
REvil Ransomware Attacks: Implications for Kaseya, MSPs and Businesses
In some ways, the ransomware attack involving Kaseya is a perfectly logical extension of everything we’ve seen since the end of last year with the disclosure of the SolarWinds attacks: the merger ...