Stress comes with the territory for chief information security officers (CISOs). As noted by Medium, the job is unpredictable, with “long periods of preparing, watching, waiting, punctuated by periods of high stress and occasional bruising.” As both vendors and cyberthreats proliferate, finding a balance between an effective cybersecurity strateg

A security awareness program is a critical part of any security strategy. It is not enough to simply hold everyone in the organization accountable. Chief information security officers (CISOs) must first train employees to practice proactive, conscientious security behaviors by convincing them that security affects them directly, not just the business. Buildi

National Cyber Security Awareness Month (NCSAM) highlights important security issues to help governments, businesses and individuals improve their online hygiene. One critical area to consider is the growing shortage of qualified security professionals, which is projected to reach 6 million unfilled positions across the globe by 2019. There are plenty of opp

Of all the weird quirks I had as a kid, I never expected that my fascination with untying knots in the yarn from the arts and crafts box in fourth grade would benefit me in my job today. I recently did an interview for Business Radio X about one of IBM Security’s initiatives to raise awareness about careers in cybersecurity among middle school girls. T

Are you security-aware? A lot more people today are answering yes than in previous years. Perhaps it’s because of their organizations’ own security awareness efforts, or maybe it’s due to the influx of news stories about ransomware, credit card hacks, data breaches and identity theft. If people are more aware of cybersecurity concerns, does

Today organizations are struggling with the best way to protect against attacks that are targeting the endpoint. Too often, the security strategy has been to put the onus on the individual employee. Research has shown, over and over again, that training and user restrictions are both tedious and expensive, and have a very low success rate. This is because c

National Cybersecurity Awareness Month (NCSAM) is a great time to enhance employees’ security knowledge and skills. IT professionals should use it as an opportunity to improve their security training methods, review the tools they use, and test their cybersecurity plans and processes. Eight Lessons From Week Three of NCSAM During week one and week two

In case you haven’t noticed the flood of dedicated content here on SecurityIntelligence, not to mention Twitter, we are currently in the midst of National Cyber Security Awareness Month (NCSAM). The overarching theme of this year’s campaign is “Securing the Internet Is Our Shared Responsibility,” which is a critical lesson to remember

If you ask a group of technology and business professionals to rank the most important parts of their security program, awareness and training will undoubtedly land in the top three. After all, many breaches start with users and, on the flip side, can be prevented by users. It’s all about setting expectations. Unfortunately, many such attempts fall fla

Information security is vastly complex, both technically and from a governance, risk and compliance (GRC) perspective. When workplace politics come into play, security best practices become more complicated and risk management is weakened significantly. Security professionals commonly meet resistance when they attempt to implement IT initiatives that do not

In an ever-changing, dynamic threat landscape, a chief information security officer (CISO) in the health care sector must have knowledge in multiple areas and understand that data breaches have severe repercussions that affect employees, patients and the organization at large. To respond effectively to health care security risks, a CISO must possess well-rou

One of the most disturbing security trends over the last few years has been the rise of the meta attack. The scope of this type of attack is far larger and wider than a threat designed to achieve a specific goal. These advanced cyberattacks are so significant, in fact, that they could sink an entire organization if it doesn’t take the time to install l

When I think about my family vacations from childhood, I remember camping trips, hours on the beach, sharing stories around the campfire and the fun my siblings and I used to have in the back seat of the car — jumping on each other, switching seats and hopping from the third row into the front seat. Half the fun was enabled by the fact that we had no seat be

Risk management is the process of identifying, assessing and controlling threats to an organization. It is also a way to increase the security maturity of an organization. Risk management allows you to think about security more strategically and answer the questions that come from your company board, such as: How many times was the organization attacked? Is

When confronted with the daunting task of developing a cybersecurity strategy, many people don’t know where to start. The quick answer is to make a list of the tasks required to accomplish the project, organize them by functional categories and determine what resources need to be brought together to accomplish the tasks on the list. This might seem lik