Tag: ciso
-
Get Excited About Innovations in IAM
by
in SecurityNewsWhy Should You Be Excited About Innovations in Identity and Access Management (IAM)? If you’re a Cybersecurity professional or CISO, you understand the value of Non-Human Identities (NHI) and Secrets Management. The burning question, then, is “Why should you be excited about innovations in IAM?” IAM, or Identity and Access Management, is a critical piece……
-
AI programming copilots are worsening code security and leaking more secrets
by
in SecurityNews
Tags: access, ai, api, application-security, attack, authentication, best-practice, breach, ceo, ciso, container, control, credentials, cybersecurity, data, data-breach, github, government, incident response, injection, least-privilege, LLM, monitoring, open-source, openai, password, programming, risk, skills, software, strategy, tool, training, vulnerabilityOverlooked security controls: Ellen Benaim, CISO at enterprise content mangement firm Templafy, said AI coding assistants often fail to adhere to the robust secret management practices typically observed in traditional systems.”For example, they may insert sensitive information in plain text within source code or configuration files,” Benaim said. “Furthermore, because large portions of code are…
-
Too little budget for OT security despite rising threats
by
in SecurityNewsWhy OT cybersecurity should be every CISO’s concernOT security becoming a mainstream concern First seen on csoonline.com Jump to article: www.csoonline.com/article/3951163/too-little-budget-for-ot-security.html
-
Forward-thinking CISOs are shining a light on shadow IT
by
in SecurityNewsIn this Help Net Security interview, Curtis Simpson, CISO and Chief Advocacy Officer at Armis, discusses how CISOs can balance security and innovation while managing the risks … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/04/curtis-simpson-armis-shadow-it-risks/
-
CISO Transformation: It’s Time for a New Mental Model
by
in SecurityNewsCISO mind maps are helpful, but they reinforce a tactical view of security. Learn why modern CISOs need a new mental model focused on strategy, value, and board-level impact. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/ciso-transformation-its-time-for-a-new-mental-model/
-
AI Adoption in the Enterprise: Breaking Through the Security and Compliance Gridlock
by
in SecurityNewsAI holds the promise to revolutionize all sectors of enterpriseーfrom fraud detection and content personalization to customer service and security operations. Yet, despite its potential, implementation often stalls behind a wall of security, legal, and compliance hurdles.Imagine this all-too-familiar scenario: A CISO wants to deploy an AI-driven SOC to handle the overwhelming volume of security…
-
Veterans are an obvious fit for cybersecurity, but tailored support ensures they succeed
by
in SecurityNewsSecurity is built into just about any military role: “Veterans make great cybersecurity specialists, because they’ve had security-focused roles, whether physical or information security, no matter what branch of the service they were in,” says Bryan Radliff, a 31-year veteran of the US Army who now serves as the CyberVets program manager in the Onward…
-
Redefining Insider Risk in a Perimeterless World
by
in SecurityNewsOFX CISO Santanu Lodh on the Changing Nature of Insider Threats. The profile of insider risk has changed over a period of time, said Santanu Lodh, CISO at OFX. It is no longer confined to malicious intent. He explains how shifting workforce models, third-party engagement and evolving technology demand continuous monitoring and rethinking of security…
-
National Impact Must Drive Cybersecurity Decisions
by
in SecurityNewsRoxanne Pashaei on Matching Organizational Risks With National Cybersecurity Risks. In the face of intensifying geopolitical tensions and nation-state threats, cybersecurity efforts must move beyond organizational boundaries and financial risk models to consider broader national impact, said Roxanne Pashaei who is the former CISO of a public sector enterprise. First seen on govinfosecurity.com Jump to…
-
10 best practices for vulnerability management according to CISOs
by
in SecurityNews
Tags: api, attack, automation, best-practice, business, ceo, cio, ciso, control, cybersecurity, data, detection, framework, group, incident response, metric, mitre, penetration-testing, programming, ransomware, risk, risk-management, service, software, strategy, technology, threat, tool, update, vulnerability, vulnerability-management1. Culture Achieving a successful vulnerability management program starts with establishing a cybersecurity-minded culture across the organization. Many CISOs admitted to facing historical cultural problems, with one summing it up well. “Our cybersecurity culture was pretty laissez-faire until we got hit with Log4J and then a ransomware attack,” he told CSO. “These events were an…
-
Balancing data protection and clinical usability in healthcare
by
in SecurityNewsIn this Help Net Security interview, Aaron Weismann, CISO at Main Line Health, discusses the growing ransomware threat in healthcare and why the sector remains a prime target. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/02/aaron-weismann-main-line-health-healthcare-data-protection/
-
CIOs and CISOs need a common strategy around AI copilots
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/perspective/cios-and-cisos-need-a-common-strategy-around-ai-copilots
-
How the NHL CISO Secures Its Teams, Arenas and Cloud Systems
by
in SecurityNewsNHL CISO David Munroe outlines how the league protects critical infrastructure across public arenas and streaming platforms. He details the league’s use of cloud and AI tools, and highlights the importance of cloud governance, AI-powered defenses and user education in mitigating risk. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/how-nhl-ciso-secures-its-teams-arenas-cloud-systems-i-5471
-
Infostealer malware poses potent threat despite recent takedowns
by
in SecurityNewsHow CISOs can defend against infostealers: To defend against these threats, CISOs should rely on multi-factor authentication MFA and least privilege access to prevent their incursion into the corporate network, as well as endpoint detection and response (EDR) and anti-malware to detect and quarantine infostealers that manage to trick users into running the malware. Regular…
-
6 hard-earned tips for leading through a cyberattack, from CSOs who’ve been there
by
in SecurityNews
Tags: attack, awareness, breach, business, cisco, ciso, control, cyber, cyberattack, cybersecurity, data, group, incident response, infosec, infrastructure, lessons-learned, military, open-source, phishing, phone, privacy, programming, ransomware, security-incident, service, skills, software, strategy, threat, training, updateDevelop muscle memory, and patience, through simulations: Authority under crisis is meaningless if you can’t establish followership. And this goes beyond the incident response team: CISOs must communicate with the entire organization, a commonly misunderstood imperative, says Pablo Riboldi, CISO of nearshore talent provider BairesDev.”I find that employee involvement tends to be overlooked during cyberattacks.…
-
Bridging the Gap Between the CISO & the Board of Directors
by
in SecurityNewsPositioning security leaders as more than risk managers turns them into business enablers, trusted advisers, and, eventually, integral members of the C-suite. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/bridging-gap-between-ciso-board
-
How CISOs can balance business continuity with other responsibilities
by
in SecurityNews
Tags: attack, backup, breach, business, cio, ciso, compliance, cyber, cyberattack, cybersecurity, data, data-breach, finance, framework, healthcare, incident, incident response, metric, nist, ransomware, resilience, risk, service, strategy, supply-chain, technology, threat, usa, vulnerabilityCIO-CISO divide: Who owns business continuity?: While CISOs may find that their remit is expanding to cover business continuity, a lack of clear delineation of roles and responsibilities can spell trouble.To effectively handle business continuity, cybersecurity leaders need a framework to collaborate with IT leadership.Responding to events requires a delicate balance between thoroughness of investigation…
-
Executive Perspectives: Pierre Noel on Cybersecurity Leadership, Risk, and Resilience
by
in SecurityNewsIn this edition of Axio’s Executive Insight Series, Scott Kannry, CEO of Axio, sits down with Pierre Noel, former CISO of Microsoft Asia and Huawei, to discuss the evolution of Read More First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/executive-perspectives-pierre-noel-on-cybersecurity-leadership-risk-and-resilience/
-
Zu wenig Budget für OT-Security
by
in SecurityNewsObwohl die Budgets für Cybersicherheit gestiegen sind, fehlt es oft an Investitionen für OT-Security.Eine globale Analyse des Cybersicherheitsanbieters Opswat zeigt: Trotz der wachsenden Akzeptanz von OT-Security, übertragen nur 27 Prozent der Unternehmen die Budgetkontrolle ihren CISOs oder CSOs. Wo dies nicht der Fall ist, werden entscheidende ICS/OT- Anforderungen (ICS = Industrial Control System) bei der…
-
How to create an effective crisis communication plan
by
in SecurityNews
Tags: access, business, ciso, cloud, communications, corporate, cyber, cyberattack, cybersecurity, data, email, group, incident, incident response, infrastructure, mobile, monitoring, network, phone, risk, strategy, toolA crisis communications plan optimally prepares the company for all possible crisis scenarios. This includes clear rules of conduct and communication, prepared content, and secure communication channels and tools.Internet monitoring shows how the crisis is perceived in social networks and the media. Reputation-damaging publications can be identified early, and countermeasures can be initiated.Good communication in day-to-day business…
-
CISOs’ Challenge: Securing MFA Adoption With Risk Messaging
by
in SecurityNews
Tags: ai, authentication, business, ciso, compliance, cyber, mfa, phishing, risk, tactics, vulnerabilityAICD’s Figueroa on Business-Focused Communication for Authentication Progress. Modern phishing tactics now leverage voice, SMS and AI-powered impersonation, yet many Asia-Pacific organizations continue relying on vulnerable single-factor authentication, said Marco Figueroa, senior manager of cyber security, risk and compliance at the Australian Institute of Company Directors. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cisos-challenge-securing-mfa-adoption-risk-messaging-a-27848
-
The hidden costs of security tool bloat and how to fix it
by
in SecurityNewsIn this Help Net Security interview, Shane Buckley, President and CEO at Gigamon, discusses why combating tool bloat is a top priority for CISOs as they face tighter budgets … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/27/shane-buckley-gigamon-deep-observability-tool-stacks/
-
Mit GenAI zum Insider-Threat
by
in SecurityNews
Tags: ai, best-practice, ciso, cloud, cyersecurity, data-breach, framework, infrastructure, injection, intelligence, mitre, password, risk, risk-management, technology, threat, toolViele Unternehmen haben nicht auf dem Schirm, welche Sicherheitsprobleme durch die Nutzung von GenAI entstehen.Einer Analyse von Netskope zufolge sind GenAI-Daten-Uploads in Unternehmen innerhalb eines Jahres um das 30-Fache gestiegen. Darunter befinden sich demnach auch sensible Informationen wie Quellcodes, regulierte Daten, Passwörter und Schlüssel sowie geistiges Eigentum.Zudem nutzen drei von vier Unternehmen Apps mit integrierten…
-
Rising attack exposure, threat sophistication spur interest in detection engineering
by
in SecurityNews
Tags: access, ai, attack, automation, banking, ceo, ciso, cloud, compliance, cyber, cybersecurity, data, detection, endpoint, exploit, finance, framework, healthcare, infrastructure, insurance, intelligence, LLM, malware, mitre, network, programming, ransomware, RedTeam, risk, sans, siem, software, supply-chain, tactics, technology, threat, tool, update, vulnerability, zero-dayMore than the usual threat detection practices: Proponents argue that detection engineering differs from traditional threat detection practices in approach, methodology, and integration with the development lifecycle. Threat detection processes are typically more reactive and rely on pre-built rules and signatures from vendors that offer limited customization for the organizations using them. In contrast, detection…
-
A CISO’s guide to securing AI models
by
in SecurityNewsIn AI applications, machine learning (ML) models are the core decision-making engines that drive predictions, recommendations, and autonomous actions. Unlike traditional IT … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/26/ml-models-security/
-
Cyber Risks Drive CISOs to Surf AI Hype Wave
by
in SecurityNewsGartner Says Hype Can Benefit Organizations That Harness It for Business Advantage. Organizations haven’t yet drawn business value from AI investments, and many feel AI is overhyped. Gartner analysts said encouraging intelligent risk-taking and investing in cybersecurity can improve an organization’s resilience, giving businesses confidence to embrace technologies like AI. First seen on govinfosecurity.com Jump…
-
Was passiert, wenn niemand den Hut aufhat?
by
in SecurityNews
Tags: cisoDie Rolle des ISO/IEC 27001 Lead Implementers warum sie für CISOs strategisch wichtig ist und wie sie Informationssicherheit wirksam im Unternehmen verankert. First seen on itsicherheit-online.com Jump to article: www.itsicherheit-online.com/news/security-management/was-passiert-wenn-niemand-den-hut-aufhat/