Security Leadership

Security Leadership news, information, and how-to advice

IRS cut its cybersecurity staff by 11% over four years

As headcount is falling, cybersecurity spending at the agency is increasing.

Security checks that rely on PII put businesses and consumers at risk

The problem of using personal information as a security check has existed for more than a decade, but as the Internet grows and personal data becomes more easily accessible, should such information remain a key security resource?

What enterprises should do when helpless employees lose hope in fighting cyber attacks

CSO looks at the symptoms of the victim mentality in the enterprise, how it comes about, and what enterprises can do technically and psychologically to avoid it.

5 tips for keeping your incident response team happy

These highly skilled, multitasking, (slightly unconventional) security rock stars have a lot to offer beyond security fire drills and threat research.

Employees know better, but still behave badly

Four out of five employees admitted to engaging in some risky behaviors while at work, even though they were aware of cyber-security dangers, according to a new global survey.

Agile security lessons from Aetna and the state of Texas

The move to agile development practices poses both challenges and opportunities to security teams -- with the challenges often dominating. But some organizations have found ways to make it work. What is agile security? And how can you...

CISOs turn to security awareness solutions to change poor employee behaviors

The importance of computer security awareness training is supported by numerous recent reports including IBM’s 2014 Cyber Security Intelligence Index which found that 95% of all security incidents involve human error.

Is there really a correlation between effective risk management and profit margin growth?

CSO explores the relationship between risks and profits and how enterprises can use information security risk management to increase profit margin growth.

Do elected officials encrypt their email?

Let me know when you’re done laughing. It's OK...I can wait. So, this was a thought that occurred to me one night as I was fighting through some rather nasty heartburn. Whenever I’m in that state I can’t help but to think of...

My Notes On Northsec 2015

One of the enjoyable and disquieting parts of my job is speaking at conferences. I always enjoy attending security conferences and interacting with folks in the industry. I can learn a great deal from my discussions with...

US proposes tighter export rules for computer security tools

The U.S. Commerce Department has proposed tighter export rules for computer security tools, a potentially controversial revision to an international agreement aimed at controlling weapons technology.

What combination locks teach us about encryption weakness

Last week, an interesting story made the rounds on social media about a researcher named Samy Kamkar who discovered a flaw in Master-brand combination locks and was able to open the lock in eight tries or less. It’s a great discovery...

What a new survey on payment solutions reveals about your security leadership

Insights from a new briefing with some commentary on how it impacts your ability to lead security efforts through the evolving payment ecosystem.

Security analytics scores high in value, low in penetration

Security analytics had the highest perceived value compared to its cost, according to a survey of information security professionals released Monday, but it scored next to last in penetration.

Social Engineering: Even Shakespeare understood security’s weakest link

What do Shakespearean tragedies and security issues have in common? Both are overwhelmingly the result of human error. Othello is one of Shakespeare's greatest plays, and Iago is one of literature’s first social engineers.

Hard-coded credentials placing dental offices at risk

One researcher says that customers using Henry Schein's Dentrix software have been unknowingly exposed to risk after the latest version shipped with a flaw that was supposed to have been patched two years ago. This was reported to...

What every CSO should be doing now about the Starbucks potential hack

Don’t lose an opportunity to create a great teachable moment.

Protecting our people from the risks of wanderlust

Let’s help give our people the tools they need to wander the world safely.
