Information Security Governance

The fourth and final part of a series on stopping trade secret theft in your organization.

The third part of a series on stopping trade secret theft in your organization.

Identifying business assets and connecting your security program to them.

Personal strategies for information security leaders to better engage with the business.

Updating the content of NIST 800-53 and NIST 800-37 risk management standards. They are now more aligned with private industry requirements.

Use executive security education to build your security program.

A brief primer on trade secret law for security professionals.

How to create a secure systems development practice in spite of Agile, DevOps and changing threats

Start of four-part series on trade secret theft. Understanding what a trade secret is. Scope of the trade secret theft problem. Role of cyber security in trade secret theft.

Summary of the 2017 NACD Cyber-risk Handbook and its recommendations for directors. Action items for CISOs.

Using stories to communicate for Agile, DevOps, and C-Level executive use cases.

Cybersecurity will be a top priority for governments, in order to protect citizens from attacks on lifestyle.

Security professionals need to embrace DevOps and use it to their advantage. The DevOps Handbook offers an up to date guide for this process.

Security awareness is a tired concept and has not worked. It is time to replace it with true education and engagement.

How the information security community can support law enforcement in preventing another large scale attack.

Using continuous improvement and maturity models to build effective security programs.

What information security leadership persona should you project? To successfully govern your program, you need four different styles. This post describes what they are and how to obtain the necessary skills.

How looking at information security as part of enterprise risk management can help your organization

Lack of funding, resulting from poor business alignment, is the biggest risk facing any security program. The SABSA security architecture methodology can help solve this problem.

Cyber enabled theft of trade secrets is one of the security challenges of our time. In fact financial losses from trade secret theft dwarf those from privacy breaches. This post defines and describes trade secrets and an approach to...