The role of the Chief Information Security Officer (CISO) is a relatively new senior-level executive position within most organizations, and is still evolving. To find out how current CISOs landed in that role, their aspirations, the compensation they receive, and which risks they face and responsibilities they shoulder, analysts with international executive search firm Heidrick & Struggles have asked 327 […]
A poor, permanent hire can be a very expensive error, whereas a mis-hire on a virtual CISO can be rapidly corrected. The cybersecurity challenges that companies are facing today are vast, multidimensional, and rapidly changing. Exacerbating the issue is the relentless evolution of threat actors and their ability to outmaneuver security controls effortlessly. As technology […]
The CISO MindMap (with Rafeeq Rehman) This episode features Rafeeq Rehman. He discusses the need for a CISO Mindmap and 6 Focus Areas for 2022-2023: 1. Re-evaluate ransomware defenses, detection and response capabilities, perform a business impact analysis and identify critical processes, applications and data. 2. Reduce/consolidate security tools/technologies and vendors. More tools don’t necessarily reduce risk […]
“Wise is not the one who knows all the answers but the one who knows what questions to ask” More than an article, this is a conversation starter for the CISO and his/her team: What are your answers for this list of essential question that any information security department must deal with? Obviously there are […]
Security operations (SecOps) teams continue to be under a constant deluge of new attacks and malware variants. In fact, according to recent research, there were over 170 million new malware variants in 2021 alone. As a result, the burden on CISOs and their teams to identify and stop these new threats has never been higher. But in […]
Just over a quarter-century ago, the first Chief Information Security Officer (CISO) was minted in the financial vertical, and everyone lived happily ever after. The End. If only this story was that simple and straightforward! The CISO role has never been cut-and-dry. Despite its longevity, this role is still in its adolescence – full of promise, mostly […]
Rafeeq Rehman CISO MindMap 2021: What do InfoSec professionals really do? The CISO Evolution: Business Knowledge for Cybersecurity Executives
Many organisations have been considering a network transformation initiative to support the adoption of SaaS, cloud-based applications, and an increasingly remote workforce. Given the connectivity needs of a remote workforce – and knowing a hybrid workforce is here to stay – many IT teams have had to make sudden changes in the way workers connect […]
Why CIOs Should Report to CISOs – If the CISO is responsible for the security of the organization, then that same person also should be responsible for both security and IT infrastructure. CISO Desk Reference Guide: A Practical Guide for CISOs
To get the assets needed for CISOs to properly do their jobs, business leaders need to invest time, attention, and money in cybersecurity. Here are helpful ways that CISOs can discuss cybersecurity with their C-suite and board members. Work your way to the table As a newer role within organizations, CISOs may not yet be […]
The dilemmas organizations must deal with are dizzying: To pay a ransom or not? Will cyber insurance provide adequate shelter? What’s the role of government? Are new mandates and penalties on the horizon? How are adversaries evolving their tactics? To make sense of it all, let’s first focus on the adversaries and their playbook. Cyber […]
The journey for someone to the role of Chief Information Security Officer (CISO) isn’t often straightforward. Take Sandy Dunn, for example. Per SailPoint, Sandy started as a paper delivery kid at 10 years old. She then worked her way through software sales, insurance, and even horses before becoming the CISO of a health insurance provider in Idaho. All […]
The ransomware threat posed by organized crime groups is considerable, and its impact can be devastating and threaten the entire business. This makes it imperative for boards to ensure the company has taken necessary cybersecurity precautions to resist the threat. Additionally, executives have seen the value of efficient infosec firsthand over the last eighteen months. […]
The modern CISO The role of CISO first emerged as organizations embraced digital revolutions and began relying on new data streams to help inform business decisions. As technology continued to advance and became more complex, so too did threat actors who saw new opportunities to disrupt businesses, by stealing or holding that data hostage for […]
Here are five signs that a virtual CISO may be right for your organization. 1. You have a lot to protect Companies produce more data than ever, and keeping track of it all is the first step to securing it. A virtual CISO can identify what data needs to be protected and determine the negative […]
CISO/vCISO Recruitment What are enterprises seeking in their next CISO – a technologist, a business leader or both? Joyce Brocaglia of Alta Associates shares insights on the key qualities What kinds of CISOs are being replaced? Brocaglia says that an inability to scale and a tactical rather than strategic orientation toward their role are two […]
What CISO does for a living by Louis Botha It’s based on the CISO mindmap by Rafeeq Rehman, updated for 2018 and adding the less technical competencies Download of What CISO does for a living (pdf) CISO MindMap 2018 – What Do InfoSec Professionals Really Do? Recommended titles for CISO CISO’s Library CISOs and […]
By Kevin Townsend Never-ending breaches, ever-increasing regulations, and the potential effect of brand damage on profits has made cybersecurity a mainstream board-level issue. It has never been more important for cybersecurity controls and processes to be in line with business priorities. A recent survey by security firm Varonis highlights that business and security are not fully aligned; […]
CISO’s personal library on managing risk for their organization.
RESILIA™ Cyber Resilience Best Practices AXELOS’s new guide RESILIA™ Cyber Resilience Best Practices provides a methodology for detecting and recovering from cyber security incidents using the ITIL lifecycle RESILIA™ Cyber Resilience Best Practices Best guide on Cyber Resilience on the web – Cyber Resilience Best Practices is part of the AXELOS RESILIA™ portfolio. RESILIA™ Cyber Resilience […]
