Security Leadership

Security Leadership news, information, and how-to advice

Surveys: Employees at fault in majority of breaches

A company's own employees are a significant factor in the majority of data breaches, either through malicious activity or avoidable mistakes, say two new studies, but companies aren't doing enough to address this issue.

In a mock cyberattack, Deloitte teaches the whole business how to respond

While security and IT staffers typically are trained on dealing with breaches, staffers in other departments may not always be ready

What’s next for your awareness program?

You’ve tried phishing simulations and Computer Based Training (CBT), and you still have incidents. You may think your program is successful, or useless. What are you going to do next?

Stupid human security tricks

I have been at this for a long time now. Roughly two decades of working for all sorts of companies, clients and now as a vendor. It has been an interesting ride. One thing that I did over the years was keep journals. Notebooks...

A CISO reveals why the cloud is your secret weapon for faster, better, and cheaper PCI audits

Combining cloud with PCI is the recipe Joan Pepin, CISO of SumoLogic, used to achieve compliance faster, cheaper, and better. Here is what she did.

A guide to monetizing risks for security spending decisions

You have a finite amount of cash to spend on people and technologies to keep your business’ risk to an acceptable level, so you have to make your decisions wisely. As Curt Dalton points out in this step-by-step guide, monetizing key...

Lost in the clouds: Your private data has been indexed by Google

Each day millions of people across the globe create backups of their files. These backups are supposed to offer a measure of assurance that their files are safe and easily recovered if needed. But that's not entirely true.

IMHO: Security can never be just part of the business

Security has gone from afterthought to priority in the Board's eyes. That's a good thing, right? But it brings with it a new kind of risk – when security is viewed as simply part of business as usual

Sony breach turns bank's focus to users

After the recent wave of high-profile breaches, New Jersey's Provident Bank decided to focus on the fundamentals, with a three-part strategy to educate new hires about security, train existing employees to be vigilant about phishing...

The process security leaders need to get the funding and support you want

Getting the funding and support you need to create and operate a successful security program is a process. Here are the steps successful security leaders follow and how you can get started.

Why you should be spending more on security

As the cost and likelihood of security breaches increase, CIOs need to boost security measures -- and spending -- to mitigate the risk to your business.

Three ways a CSO can stop being the bad guy

Some security executives are redefining their roles to become people who say "yes," and restructuring their departments around becoming enablers of business, instead of always being the folks who say "no"

Q&A

5 keys to hiring security talent

Recruiting IT security professionals can be tough, unless you have a great elevator pitch. The CSO of an insurance company provides advice on telling job candidates a compelling story.

The things end users do that drive security teams crazy

To protect users from public embarrassment their identities have been withheld in these true stories of failures to follow security protocol.

How to reduce losses caused by theft at POS

Retailers can take steps to try to prevent or at least reduce losses due to theft at point of sale (POS) and shrink.

The CSO Security Career Survival Guide

CSO's Security Career Survival Guide

What security leaders need to know about the Target breach settlement

Consider these three points before discussing the Target consumer breach settlement with other leaders

Your guide to compliance in the cloud

You can ensure cloud compliance with PCI DSS, HIPAA and other regulatory requirements, but it takes investigation and persistence to get the answers and documentation you need to prove it.
