Healthy security cultures eat lots of phish

Healthy security cultures eat lots of phish

The Google Docs phishing scam was widespread across the internet recently. Thanks to regular phishing training and a strong security awareness culture, our company was spared and as the CISO, I didn't even have to drive the effort....


FCC privacy ruling could leave enterprises' data vulnerable

FCC privacy ruling could leave enterprises' data vulnerable

The recent repeal of new FCC rules designed to strengthen personal privacy among consumers by limiting the uses ISPs can make of their personal data also has implications for companies who use these services. Security and privacy...


How to get employees security engaged

Employee engagement is a major concern for organizations, especially since studies show that most people are not committed to or enthusiastic about their jobs. This has implications for companies in general and for security teams...


Three ways to align security programs to enterprise strategy

Security teams often struggle with how best to articulate security value in business terms, and with aligning security priorities with enterprise strategy. All security programs depend on business owners for success, so it is...


How long is a piece of string? The challenges and benefits of benchmarking security culture

Measuring security culture is challenging, but increasingly important to information security as we seek to maximize the value of people as well as technology to protect organizations. Asking how a security culture stacks up is like...


Seven security cultures that can help or hurt your organization

Some organizational cultures are good for security, while some make protecting information assets and infrastructure harder. There's no one best security culture to aim for, but these three good, three bad, and one ugly examples of...


What's your cybersecurity whistleblower strategy?

What's your cybersecurity whistleblower strategy?

Cybersecurity whistleblowers present a growing risk to organizations, but not for the reasons people may think. Most whistleblowers are not disgruntled rogues, but rather good people trying to get companies to address harmful or...


Security is more than a process… It’s a proficiency

For 15 years, Bruce Schneier's maxim that security is a process and not a product has been very influential within the security community. But the Schneier Maxim is no longer enough to describe the challenges faced by security...


Load More