CSO and CISO

CSO and CISO | News, how-tos, features, reviews, and videos

Collective resilience: Why CISOs are embracing a new culture of openness

CISOs are finding value in information sharing among trusted, vetted sources. Here’s how they are maximizing the intelligence gathered from these channels.

The emotional stages of a data breach: How to deal with panic, anger, and guilt

Intense situations require both the security experts and stakeholders to be calm and focused, but that is easier said than done. This advice can help.

video

CSO Executive Sessions with guest Jason Lau / ASEAN

Jason Lau, CISO at Crypto.com, joins host Xiou Ann Lim for this CSO Executive Sessions interview. They will discuss how having a growth mindset is necessary to thrive in cybersecurity, how industry collaboration and data-sharing can...

Machine as insider threat: Lessons from Kyoto University’s backup data deletion

Kyoto University lost terabytes of data in a machine-as-an-insider scenario triggered by human error. Here are questions CISOs should ask to avoid a similar situation.

A framework to vet security processes for human execution

Make sure you take human interaction and communication into account when developing your security processes. Here's a simple framework that can help.

Aligning security strategy with ESG objectives: The next big issue for CISOs

As interest in environmental, social, and governance issues increases among investors, business partners, consumers, and employees, CISOs will need to shape their security and risk strategies to align with the organization’s ESG...

Security leaders on how to cope with stress of Log4j

The Log4j vulnerability puts great pressure on security teams already stretched thin dealing with ransomware and other attacks. This advice will help them cope.

CISOs, what's in your travel security program?

It's time to review (or create) your travel security program now that more people are traveling for work and pleasure. Here's what it should include.

Tim Rohrbaugh, CISO, JetBlue 

JetBlue CISO Tim Rohrbaugh on putting threat intelligence at the center

Understanding threat actors and the tactics they use informs how Rohrbaugh develops his cybersecurity strategy, allocates resources, and leads his team.

4 classes of practical security and how to balance them against goals

Every CISO must evaluate their security programs against these four basic levels of security -- stay out of jail, table stakes, competitive and advantage -- in terms of business need.

Security priorities for 2022: Advancement, not revolution

Security leaders say their priorities reflect security needs due to recent shifts in their organization’s IT and business environments, a changing threat landscape, and emerging risks.

How CISOs can drive the security narrative

If you want people to follow proper security practices, they need to understand why. That's best done by telling a good story.

13 traits of a security-conscious board of directors

A CISO's success (and job longevity) is often dependent on support from the board of directors. Answers to these questions will reveal how security savvy a BoD is.

What CISOs can learn from the US Navy insider who stole nuclear secrets

The theft of government secrets by Jonathan Toebbe and others raises the question: How should CISOs deal with insider threats who have had insider threat training?

Vitaliy Panych, CISO, State of California

California state CISO: the goal is “operating as a whole government”

Partnerships with other state entities elevate security capabilities and enhance information sharing to provide better security overall, says California state CISO Vitaliy Panych.

How CISOs escape the cost center trap

Even as the CISO role is becoming more business-focused, in many organizations the notion of security as purely a cost center persists. Here’s how savvy CISOs can turn that around.

Rich Agostino, SVP and Chief Information Security Officer, Target [2020]

How Target's CISO balances customer security and customer experience

In wake of a 2013 data breach, Rich Agostino rebuilt Target’s approach to cybersecurity, addressing vulnerabilities while maintaining a user-friendly web presence for customers.

Why are people so bad at risk assessment? Blame the brain

Stakeholders and CISOs tend to have different perspectives on estimating the risk of a potential cybersecurity incident. Understanding the psychological aspects can help bridge the gap.
