Strategy

Strategy news, analysis, research, how-to, opinion, and video.

Defensive regression in cybersecurity

There has been a lot of talk lately about defensive regression in cybersecurity. But what exactly is defensive regression? It's not the regression that Sigmund Freud talks about, although there are plenty of folks that don't act like...

Promoting efficiencies through security metrics

Creating metrics for a security program can be a challenge for many organizations. Troy Leach, CTO of Payment Card Industry Security Standards Council, discusses best practices for creating meaningful security metrics.

Why companies offer a hacking bounty -- and why there are challenges

Want to make a cool $20,000? All you have to do is hack the Nintendo 3DS, a handheld console that’s been out for a few years already. A listing on HackerOne spells everything out. There’s a range for this, of course -- some...

When your threat intelligence just isn’t producing value you need to pivot

Josh Lefkowitz of Flashpoint shares his experience leading the pivot from threat intelligence to business risk intelligence and explains the enterprise benefit for security leaders

Bridging the CIO and CISO divide

Why identity and access management is at the core of the gulf between these two C-suite roles.

Incident response and our 'culture of winning'

Security professionals understand the immense value of a formal incident response plan, but management may not always see it the same way, especially as it may be viewed by stockholders or other interests as a "plan to fail". But...

Does security awareness training need a new, stronger name?

Security awareness training can help change the security culture through ongoing attention on relevant topics like social engineering. Nevertheless, stale, old, awareness material certainly doesn’t help and too many programs keep...

Fixing the communications breakdown between IT security and the board and c-suite

Stop buying the first security solution that comes down the pike and solve the communications logjam first.

Technology levels the vendor playing field

Gone are the days when the largest vendor in their space was the "right" choice when procuring software. It's time for that viewpoint to change, as the modern age of technology has opened up a world of options for organizations to...

Why you need to develop an immersive security strategy

Immersive security is a radical approach that utilizes advanced visualization techniques to enable a multidimensional situational awareness of the network. By being ‘in the data’ security professionals are able to better and more...

CISOs, it’s time to bury the hatchet with your CIO

The Chief Information Security Officer and the Chief Information Officer can be awkward bedfellows. We look at how the two execs can work better together.

Pain in the PAM

In order to prevent security breaches, insider attacks and comply with regulatory mandates, organizations must proactively monitor and manage privileged access. As the compromise and misuse of identity is often at the core of modern...

ISAO standards organization sets guidelines for sharing information

University of Texas at San Antonio (UTSA), the Information Sharing and Analysis Organization (ISAO) Standards Organization, published four guidance documents on creating and operating an ISAO.

Time to kill security awareness training

Security awareness is a tired concept and has not worked. It is time to replace it with true education and engagement.

Ransomware from Stoned to pwned

When I was in the trenches as a defender I saw all manner of malicious software. The first one I ever encountered back in the late 80s was the Stoned virus. This was a simple program that was lobbying the infected computer...

How to protect your mission-critical information

A new report by the Information Security Forum (ISF) outlines the steps you can take to determine your mission-critical information assets and create customized plans for protecting them.

video

How to create a culture of innovation

CIO.com's Rich Hein spoke to seasoned IT leaders to learn the ways in which they foster a workplace culture that values and rewards innovation.

How to keep IT security at the forefront during a merger

Security pros weigh in on how to keep IT security at the forefront during a merger
