Tag: ciso
-
Executive Perspectives: Pierre Noel on Cybersecurity Leadership, Risk, and Resilience
by
in SecurityNewsIn this edition of Axio’s Executive Insight Series, Scott Kannry, CEO of Axio, sits down with Pierre Noel, former CISO of Microsoft Asia and Huawei, to discuss the evolution of Read More First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/executive-perspectives-pierre-noel-on-cybersecurity-leadership-risk-and-resilience/
-
Zu wenig Budget für OT-Security
by
in SecurityNewsObwohl die Budgets für Cybersicherheit gestiegen sind, fehlt es oft an Investitionen für OT-Security.Eine globale Analyse des Cybersicherheitsanbieters Opswat zeigt: Trotz der wachsenden Akzeptanz von OT-Security, übertragen nur 27 Prozent der Unternehmen die Budgetkontrolle ihren CISOs oder CSOs. Wo dies nicht der Fall ist, werden entscheidende ICS/OT- Anforderungen (ICS = Industrial Control System) bei der…
-
How to create an effective crisis communication plan
by
in SecurityNews
Tags: access, business, ciso, cloud, communications, corporate, cyber, cyberattack, cybersecurity, data, email, group, incident, incident response, infrastructure, mobile, monitoring, network, phone, risk, strategy, toolA crisis communications plan optimally prepares the company for all possible crisis scenarios. This includes clear rules of conduct and communication, prepared content, and secure communication channels and tools.Internet monitoring shows how the crisis is perceived in social networks and the media. Reputation-damaging publications can be identified early, and countermeasures can be initiated.Good communication in day-to-day business…
-
CISOs’ Challenge: Securing MFA Adoption With Risk Messaging
by
in SecurityNews
Tags: ai, authentication, business, ciso, compliance, cyber, mfa, phishing, risk, tactics, vulnerabilityAICD’s Figueroa on Business-Focused Communication for Authentication Progress. Modern phishing tactics now leverage voice, SMS and AI-powered impersonation, yet many Asia-Pacific organizations continue relying on vulnerable single-factor authentication, said Marco Figueroa, senior manager of cyber security, risk and compliance at the Australian Institute of Company Directors. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cisos-challenge-securing-mfa-adoption-risk-messaging-a-27848
-
The hidden costs of security tool bloat and how to fix it
by
in SecurityNewsIn this Help Net Security interview, Shane Buckley, President and CEO at Gigamon, discusses why combating tool bloat is a top priority for CISOs as they face tighter budgets … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/27/shane-buckley-gigamon-deep-observability-tool-stacks/
-
Mit GenAI zum Insider-Threat
by
in SecurityNews
Tags: ai, best-practice, ciso, cloud, cyersecurity, data-breach, framework, infrastructure, injection, intelligence, mitre, password, risk, risk-management, technology, threat, toolViele Unternehmen haben nicht auf dem Schirm, welche Sicherheitsprobleme durch die Nutzung von GenAI entstehen.Einer Analyse von Netskope zufolge sind GenAI-Daten-Uploads in Unternehmen innerhalb eines Jahres um das 30-Fache gestiegen. Darunter befinden sich demnach auch sensible Informationen wie Quellcodes, regulierte Daten, Passwörter und Schlüssel sowie geistiges Eigentum.Zudem nutzen drei von vier Unternehmen Apps mit integrierten…
-
Rising attack exposure, threat sophistication spur interest in detection engineering
by
in SecurityNews
Tags: access, ai, attack, automation, banking, ceo, ciso, cloud, compliance, cyber, cybersecurity, data, detection, endpoint, exploit, finance, framework, healthcare, infrastructure, insurance, intelligence, LLM, malware, mitre, network, programming, ransomware, RedTeam, risk, sans, siem, software, supply-chain, tactics, technology, threat, tool, update, vulnerability, zero-dayMore than the usual threat detection practices: Proponents argue that detection engineering differs from traditional threat detection practices in approach, methodology, and integration with the development lifecycle. Threat detection processes are typically more reactive and rely on pre-built rules and signatures from vendors that offer limited customization for the organizations using them. In contrast, detection…
-
A CISO’s guide to securing AI models
by
in SecurityNewsIn AI applications, machine learning (ML) models are the core decision-making engines that drive predictions, recommendations, and autonomous actions. Unlike traditional IT … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/26/ml-models-security/
-
Cyber Risks Drive CISOs to Surf AI Hype Wave
by
in SecurityNewsGartner Says Hype Can Benefit Organizations That Harness It for Business Advantage. Organizations haven’t yet drawn business value from AI investments, and many feel AI is overhyped. Gartner analysts said encouraging intelligent risk-taking and investing in cybersecurity can improve an organization’s resilience, giving businesses confidence to embrace technologies like AI. First seen on govinfosecurity.com Jump…
-
Was passiert, wenn niemand den Hut aufhat?
by
in SecurityNews
Tags: cisoDie Rolle des ISO/IEC 27001 Lead Implementers warum sie für CISOs strategisch wichtig ist und wie sie Informationssicherheit wirksam im Unternehmen verankert. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/security-management/was-passiert-wenn-niemand-den-hut-aufhat/
-
Quantenschlüssel aus der Sicht des CISO
by
in SecurityNewsQuantum Key Distribution (QKD) dient dazu, Verschlüsselungsschlüssel sicher zwischen zwei Parteien zu verteilen.Der sogenannte Q-Day, an welchem Quantencomputer leistungsstark genug sind aktuelle Standardmethoden der Verschlüsselung zu knacken, rückt näher. Eine der Lösungen, welche zum Schutz vor dieser Quantenbedrohung entwickelt wurde, ist die sogenannte Quantum Key Distribution (QKD). Das Potenzial von QKD ist immens, ihr aktueller…
-
Trump shifts cyberattack readiness to state and local governments in wake of info-sharing cuts
by
in SecurityNews
Tags: advisory, cio, cisa, ciso, communications, cyber, cyberattack, cybersecurity, election, government, group, infrastructure, intelligence, Internet, metric, office, resilience, risk, russia, strategy, technology, threatCreating a national resilience strategy The EO requires the assistant to the President for national security affairs (APNSA), in coordination with the assistant to the President for economic policy and the heads of relevant executive departments and agencies, to publish within 90 days (by June 17) a National Resilience Strategy that articulates the priorities, means,…
-
CISOs are taking on ever more responsibilities and functional roles has it gone too far?
by
in SecurityNews
Tags: ai, business, cio, ciso, cloud, compliance, computing, control, corporate, cyber, cybersecurity, data, defense, framework, fraud, governance, healthcare, infosec, intelligence, international, Internet, jobs, law, mitigation, nist, privacy, regulation, resilience, risk, risk-management, service, skills, software, supply-chain, technology, threatth century alongside technology and internet-enabled threats, morphing to meet the demands of the moment. But the position hasn’t just matured; in many cases it has expanded, taking on additional domains.”The CISO role has expanded significantly over the years as companies realize that information security has a unique picture of what is going on across…
-
Cloud providers aren’t delivering on security promises
by
in SecurityNewsSecurity concerns around cloud environments has prompted 44% of CISOs to change cloud service provider, according to Arctic Wolf. This is being driven by the fact that 24% … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/24/cloud-environments-security-concerns/
-
Cybersicherheitsstrategie – 6 Gartner-Empfehlungen für CISOs
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/herausforderungen-empfehlungen-cisos-ki-cybersicherheit-a-3ae4293b46bd83ca3d23916adc962aa3/
-
Für Cyberattacken gewappnet Krisenkommunikation nach Plan
by
in SecurityNewsLesen Sie, welche Aspekte für einen Krisenkommunikationsplan entscheidend sind.Cyberangriffe fordern nicht nur CISOs in punkto Prävention und Krisenbewältigung heraus. Auch die Unternehmenskommunikation ist mit im Boot. Sie ist verantwortlich für den Krisenkommunikationsplan, den sie mit dem CISO entwickelt und bei Cybersicherheitsvorfällen umsetzt.Eine gute Krisenprävention hat aus der Perspektive der Kommunikation drei Elemente und beginnt nicht…
-
CISA marks NAKIVO’s critical backup vulnerability as actively exploited
by
in SecurityNews
Tags: access, advisory, backup, cisa, ciso, cloud, cybersecurity, exploit, kev, mitigation, network, service, update, vulnerabilityCISOs advised to push for immediate patching: CISA has advised immediate federal and civilian patching of the flaw. For the Federal Civilian Executive Branch (FCEB) agencies, the US cybersecurity watchdog has stipulated a patching deadline of April 19, 2025, in accordance with the BOD 22-01 directive.”Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance…
-
AI Regs: Compliance Risks and Hidden Liabilities for CISOs
by
in SecurityNewsAttorney Jonathan Armstrong on AI Security, Legal Risks Related to EU AI Act. AI regulation is evolving fast, and many businesses may already be violating key provisions without realizing it. Jonathan Armstrong, partner at Punter Southall Law, warns that companies may be using high-risk AI applications without security teams even knowing. First seen on govinfosecurity.com…
-
From Cloud Native to AI Native: Lessons for the Modern CISO to Win the Cybersecurity Arms Race
by
in SecurityNewsBy adopting AI Native security operations, organizations gain a formidable defense posture and streamline their use of human talent for the most challenging, creative and impactful tasks First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/from-cloud-native-to-ai-native-lessons-for-the-modern-ciso-to-win-the-cybersecurity-arms-race/
-
How CISOs are approaching staffing diversity with DEI initiatives under pressure
by
in SecurityNewsStaffing diversity can help avoid homogenous thinking: Similarly, Sam McMahon, senior manager of IT and security at Valimail, underscores the necessity of representing different backgrounds and mindsets.”In my experience, even small security teams benefit greatly from the variety of perspectives that come with different backgrounds and skill sets,” he says. “We know that the majority…
-
5 pitfalls that can delay cyber incident response and recovery
by
in SecurityNewsThe responsibility of cyber incident response falls squarely on the shoulders of the CISO. And many CISOs invest heavily in technical response procedures, tabletop exercises … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/20/incident-response-pitfalls/
-
How healthcare CISOs can balance security and accessibility without compromising care
by
in SecurityNewsIn this Help Net Security interview, Sunil Seshadri, EVP and CSO at HealthEquity, talks about the growing risks to healthcare data and what organizations can do to stay ahead. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/20/sunil-seshadri-healthequity-healthcare-data-risk/
-
That breach cost HOW MUCH? How CISOs can talk effectively about a cyber incident’s toll
by
in SecurityNews
Tags: attack, breach, business, ciso, cyber, cybersecurity, data, email, incident, incident response, insurance, jobs, network, phone, ransomware, risk, risk-managementThe importance of practice in estimating costs: Quantifying the costs of an incident in advance is an inexact art greatly aided by tabletop exercises. “The best way in my mind to flush all of this out is by going through a regular incident response tabletop exercise,” Gary Brickhouse, CISO at GuidePoint Security, tells CSO. “People…
-
Moving beyond checkbox security for true resilience
by
in SecurityNewsIn this Help Net Security interview, William Booth, director, ATTCK Evaluations at MITRE, discusses how CISOs can integrate regulatory compliance with proactive risk … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/19/william-booth-mitre-proactive-security-measures/
-
Breaking Down Risks in Cybersecurity
by
in SecurityNewsCyber Crime Junkies podcast Breaking Down Risks in Cybersecurity A great conversation on the Cyber Crime Junkies podcast with David Mauro! We covered so many different topics that the CISOs are struggling with: Generative vs Agentic AI risks and opportunities How cyber attackers leverage powerful tools like…
-
Why States Will Need to Step Up Cyber Help for Healthcare
by
in SecurityNewsAs uncertainty mounts about the range of cyber resources the federal government will continue to offer healthcare and other critical infrastructure sectors during the Trump administration, states will need to step up their support, said Mike Hamilton, field CISO of cybersecurity firm Lumifi Cyber. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/states-will-need-to-step-up-cyber-help-for-healthcare-i-5467
-
Not all cuts are equal: Security budget choices disproportionately impact risk
by
in SecurityNews
Tags: ai, application-security, attack, awareness, backdoor, breach, bug-bounty, business, ceo, ciso, cloud, compliance, container, control, cyber, cybersecurity, data, iam, identity, incident response, infrastructure, monitoring, phishing, risk, risk-management, service, software, strategy, technology, threat, tool, training, update, usa, vulnerability[Source: Splunk] As cyber threats evolve at an unprecedented pace, delaying essential technology upgrades can severely impact an organization. The newest technological updates are introduced to enhance an organization’s security offerings and directly address recently identified challenges.”Outdated systems lack new features and functionality that allow for more sophisticated offerings, like moving to the cloud,” Kirsty…