Tag: ciso
-
National Impact Must Drive Cybersecurity Decisions
by
in SecurityNewsRoxanne Pashaei on Matching Organizational Risks With National Cybersecurity Risks. In the face of intensifying geopolitical tensions and nation-state threats, cybersecurity efforts must move beyond organizational boundaries and financial risk models to consider broader national impact, said Roxanne Pashaei who is the former CISO of a public sector enterprise. First seen on govinfosecurity.com Jump to…
-
10 best practices for vulnerability management according to CISOs
by
in SecurityNews
Tags: api, attack, automation, best-practice, business, ceo, cio, ciso, control, cybersecurity, data, detection, framework, group, incident response, metric, mitre, penetration-testing, programming, ransomware, risk, risk-management, service, software, strategy, technology, threat, tool, update, vulnerability, vulnerability-management1. Culture Achieving a successful vulnerability management program starts with establishing a cybersecurity-minded culture across the organization. Many CISOs admitted to facing historical cultural problems, with one summing it up well. “Our cybersecurity culture was pretty laissez-faire until we got hit with Log4J and then a ransomware attack,” he told CSO. “These events were an…
-
Balancing data protection and clinical usability in healthcare
by
in SecurityNewsIn this Help Net Security interview, Aaron Weismann, CISO at Main Line Health, discusses the growing ransomware threat in healthcare and why the sector remains a prime target. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/02/aaron-weismann-main-line-health-healthcare-data-protection/
-
CIOs and CISOs need a common strategy around AI copilots
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/perspective/cios-and-cisos-need-a-common-strategy-around-ai-copilots
-
How the NHL CISO Secures Its Teams, Arenas and Cloud Systems
by
in SecurityNewsNHL CISO David Munroe outlines how the league protects critical infrastructure across public arenas and streaming platforms. He details the league’s use of cloud and AI tools, and highlights the importance of cloud governance, AI-powered defenses and user education in mitigating risk. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/how-nhl-ciso-secures-its-teams-arenas-cloud-systems-i-5471
-
Infostealer malware poses potent threat despite recent takedowns
by
in SecurityNewsHow CISOs can defend against infostealers: To defend against these threats, CISOs should rely on multi-factor authentication MFA and least privilege access to prevent their incursion into the corporate network, as well as endpoint detection and response (EDR) and anti-malware to detect and quarantine infostealers that manage to trick users into running the malware. Regular…
-
6 hard-earned tips for leading through a cyberattack, from CSOs who’ve been there
by
in SecurityNews
Tags: attack, awareness, breach, business, cisco, ciso, control, cyber, cyberattack, cybersecurity, data, group, incident response, infosec, infrastructure, lessons-learned, military, open-source, phishing, phone, privacy, programming, ransomware, security-incident, service, skills, software, strategy, threat, training, updateDevelop muscle memory, and patience, through simulations: Authority under crisis is meaningless if you can’t establish followership. And this goes beyond the incident response team: CISOs must communicate with the entire organization, a commonly misunderstood imperative, says Pablo Riboldi, CISO of nearshore talent provider BairesDev.”I find that employee involvement tends to be overlooked during cyberattacks.…
-
Bridging the Gap Between the CISO & the Board of Directors
by
in SecurityNewsPositioning security leaders as more than risk managers turns them into business enablers, trusted advisers, and, eventually, integral members of the C-suite. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/bridging-gap-between-ciso-board
-
How CISOs can balance business continuity with other responsibilities
by
in SecurityNews
Tags: attack, backup, breach, business, cio, ciso, compliance, cyber, cyberattack, cybersecurity, data, data-breach, finance, framework, healthcare, incident, incident response, metric, nist, ransomware, resilience, risk, service, strategy, supply-chain, technology, threat, usa, vulnerabilityCIO-CISO divide: Who owns business continuity?: While CISOs may find that their remit is expanding to cover business continuity, a lack of clear delineation of roles and responsibilities can spell trouble.To effectively handle business continuity, cybersecurity leaders need a framework to collaborate with IT leadership.Responding to events requires a delicate balance between thoroughness of investigation…
-
Executive Perspectives: Pierre Noel on Cybersecurity Leadership, Risk, and Resilience
by
in SecurityNewsIn this edition of Axio’s Executive Insight Series, Scott Kannry, CEO of Axio, sits down with Pierre Noel, former CISO of Microsoft Asia and Huawei, to discuss the evolution of Read More First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/executive-perspectives-pierre-noel-on-cybersecurity-leadership-risk-and-resilience/
-
Zu wenig Budget für OT-Security
by
in SecurityNewsObwohl die Budgets für Cybersicherheit gestiegen sind, fehlt es oft an Investitionen für OT-Security.Eine globale Analyse des Cybersicherheitsanbieters Opswat zeigt: Trotz der wachsenden Akzeptanz von OT-Security, übertragen nur 27 Prozent der Unternehmen die Budgetkontrolle ihren CISOs oder CSOs. Wo dies nicht der Fall ist, werden entscheidende ICS/OT- Anforderungen (ICS = Industrial Control System) bei der…
-
How to create an effective crisis communication plan
by
in SecurityNews
Tags: access, business, ciso, cloud, communications, corporate, cyber, cyberattack, cybersecurity, data, email, group, incident, incident response, infrastructure, mobile, monitoring, network, phone, risk, strategy, toolA crisis communications plan optimally prepares the company for all possible crisis scenarios. This includes clear rules of conduct and communication, prepared content, and secure communication channels and tools.Internet monitoring shows how the crisis is perceived in social networks and the media. Reputation-damaging publications can be identified early, and countermeasures can be initiated.Good communication in day-to-day business…
-
CISOs’ Challenge: Securing MFA Adoption With Risk Messaging
by
in SecurityNews
Tags: ai, authentication, business, ciso, compliance, cyber, mfa, phishing, risk, tactics, vulnerabilityAICD’s Figueroa on Business-Focused Communication for Authentication Progress. Modern phishing tactics now leverage voice, SMS and AI-powered impersonation, yet many Asia-Pacific organizations continue relying on vulnerable single-factor authentication, said Marco Figueroa, senior manager of cyber security, risk and compliance at the Australian Institute of Company Directors. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cisos-challenge-securing-mfa-adoption-risk-messaging-a-27848
-
The hidden costs of security tool bloat and how to fix it
by
in SecurityNewsIn this Help Net Security interview, Shane Buckley, President and CEO at Gigamon, discusses why combating tool bloat is a top priority for CISOs as they face tighter budgets … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/27/shane-buckley-gigamon-deep-observability-tool-stacks/
-
Mit GenAI zum Insider-Threat
by
in SecurityNews
Tags: ai, best-practice, ciso, cloud, cyersecurity, data-breach, framework, infrastructure, injection, intelligence, mitre, password, risk, risk-management, technology, threat, toolViele Unternehmen haben nicht auf dem Schirm, welche Sicherheitsprobleme durch die Nutzung von GenAI entstehen.Einer Analyse von Netskope zufolge sind GenAI-Daten-Uploads in Unternehmen innerhalb eines Jahres um das 30-Fache gestiegen. Darunter befinden sich demnach auch sensible Informationen wie Quellcodes, regulierte Daten, Passwörter und Schlüssel sowie geistiges Eigentum.Zudem nutzen drei von vier Unternehmen Apps mit integrierten…
-
Rising attack exposure, threat sophistication spur interest in detection engineering
by
in SecurityNews
Tags: access, ai, attack, automation, banking, ceo, ciso, cloud, compliance, cyber, cybersecurity, data, detection, endpoint, exploit, finance, framework, healthcare, infrastructure, insurance, intelligence, LLM, malware, mitre, network, programming, ransomware, RedTeam, risk, sans, siem, software, supply-chain, tactics, technology, threat, tool, update, vulnerability, zero-dayMore than the usual threat detection practices: Proponents argue that detection engineering differs from traditional threat detection practices in approach, methodology, and integration with the development lifecycle. Threat detection processes are typically more reactive and rely on pre-built rules and signatures from vendors that offer limited customization for the organizations using them. In contrast, detection…
-
A CISO’s guide to securing AI models
by
in SecurityNewsIn AI applications, machine learning (ML) models are the core decision-making engines that drive predictions, recommendations, and autonomous actions. Unlike traditional IT … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/26/ml-models-security/
-
Cyber Risks Drive CISOs to Surf AI Hype Wave
by
in SecurityNewsGartner Says Hype Can Benefit Organizations That Harness It for Business Advantage. Organizations haven’t yet drawn business value from AI investments, and many feel AI is overhyped. Gartner analysts said encouraging intelligent risk-taking and investing in cybersecurity can improve an organization’s resilience, giving businesses confidence to embrace technologies like AI. First seen on govinfosecurity.com Jump…
-
Was passiert, wenn niemand den Hut aufhat?
by
in SecurityNews
Tags: cisoDie Rolle des ISO/IEC 27001 Lead Implementers warum sie für CISOs strategisch wichtig ist und wie sie Informationssicherheit wirksam im Unternehmen verankert. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/security-management/was-passiert-wenn-niemand-den-hut-aufhat/
-
Quantenschlüssel aus der Sicht des CISO
by
in SecurityNewsQuantum Key Distribution (QKD) dient dazu, Verschlüsselungsschlüssel sicher zwischen zwei Parteien zu verteilen.Der sogenannte Q-Day, an welchem Quantencomputer leistungsstark genug sind aktuelle Standardmethoden der Verschlüsselung zu knacken, rückt näher. Eine der Lösungen, welche zum Schutz vor dieser Quantenbedrohung entwickelt wurde, ist die sogenannte Quantum Key Distribution (QKD). Das Potenzial von QKD ist immens, ihr aktueller…
-
Trump shifts cyberattack readiness to state and local governments in wake of info-sharing cuts
by
in SecurityNews
Tags: advisory, cio, cisa, ciso, communications, cyber, cyberattack, cybersecurity, election, government, group, infrastructure, intelligence, Internet, metric, office, resilience, risk, russia, strategy, technology, threatCreating a national resilience strategy The EO requires the assistant to the President for national security affairs (APNSA), in coordination with the assistant to the President for economic policy and the heads of relevant executive departments and agencies, to publish within 90 days (by June 17) a National Resilience Strategy that articulates the priorities, means,…
-
CISOs are taking on ever more responsibilities and functional roles has it gone too far?
by
in SecurityNews
Tags: ai, business, cio, ciso, cloud, compliance, computing, control, corporate, cyber, cybersecurity, data, defense, framework, fraud, governance, healthcare, infosec, intelligence, international, Internet, jobs, law, mitigation, nist, privacy, regulation, resilience, risk, risk-management, service, skills, software, supply-chain, technology, threatth century alongside technology and internet-enabled threats, morphing to meet the demands of the moment. But the position hasn’t just matured; in many cases it has expanded, taking on additional domains.”The CISO role has expanded significantly over the years as companies realize that information security has a unique picture of what is going on across…
-
Cloud providers aren’t delivering on security promises
by
in SecurityNewsSecurity concerns around cloud environments has prompted 44% of CISOs to change cloud service provider, according to Arctic Wolf. This is being driven by the fact that 24% … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/24/cloud-environments-security-concerns/
-
Cybersicherheitsstrategie – 6 Gartner-Empfehlungen für CISOs
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/herausforderungen-empfehlungen-cisos-ki-cybersicherheit-a-3ae4293b46bd83ca3d23916adc962aa3/
-
Für Cyberattacken gewappnet Krisenkommunikation nach Plan
by
in SecurityNewsLesen Sie, welche Aspekte für einen Krisenkommunikationsplan entscheidend sind.Cyberangriffe fordern nicht nur CISOs in punkto Prävention und Krisenbewältigung heraus. Auch die Unternehmenskommunikation ist mit im Boot. Sie ist verantwortlich für den Krisenkommunikationsplan, den sie mit dem CISO entwickelt und bei Cybersicherheitsvorfällen umsetzt.Eine gute Krisenprävention hat aus der Perspektive der Kommunikation drei Elemente und beginnt nicht…
-
CISA marks NAKIVO’s critical backup vulnerability as actively exploited
by
in SecurityNews
Tags: access, advisory, backup, cisa, ciso, cloud, cybersecurity, exploit, kev, mitigation, network, service, update, vulnerabilityCISOs advised to push for immediate patching: CISA has advised immediate federal and civilian patching of the flaw. For the Federal Civilian Executive Branch (FCEB) agencies, the US cybersecurity watchdog has stipulated a patching deadline of April 19, 2025, in accordance with the BOD 22-01 directive.”Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance…
-
AI Regs: Compliance Risks and Hidden Liabilities for CISOs
by
in SecurityNewsAttorney Jonathan Armstrong on AI Security, Legal Risks Related to EU AI Act. AI regulation is evolving fast, and many businesses may already be violating key provisions without realizing it. Jonathan Armstrong, partner at Punter Southall Law, warns that companies may be using high-risk AI applications without security teams even knowing. First seen on govinfosecurity.com…