ITsecurity

The CIO view of where the CISO fits in the corporate hierarchy

Posted by Kevin on June 30, 2015

So here’s the problem: the majority of CISOs report to the CIO; and the majority of those that do, wish they didn’t. They have two primary arguments: firstly that they require complete control over their own budget and that it should not be part of the IT budget; and secondly that there is a potential […]

CISO Speaking Business’ Language – don’t become a headless messenger

Posted by Kevin on June 10, 2015

Business and Security are two separate breeds, divided by motivations, methods and above all, language. But while Business does not need Security to do its job, Security cannot function without Business support. For this reason alone, it is Security that must master the foreign language. An essential part of a CISO’s job is to explain […]

IAM: Proprietary Vs Cloud

Posted by Kevin on June 1, 2015

Wisegate will shortly publish the results of a survey into the current state of Identity and Access Management (IAM) maturity within business. Almost 150 CISOs took part. What we’re going to look at today is attitudes towards identity and the cloud. Surprisingly perhaps, use of the cloud to store and provision user credentials is still […]

The Connection Between Cloud, Compliance and Mobility – Third Party Risk Management

Posted by Kevin on May 20, 2015

Over the last few years, three things have conspired to change the nature of information security. The cloud has multiplied the number of potential vendors, and associated third party risk, by thousands; mobility has multiplied the possible locations of corporate data by thousands; and compliance has mandated a provable and acceptable level of security. It […]

Developing a Security Strategy Document

Posted by Kevin on May 12, 2015

It’s important to have a security strategy plan. Although this might seem an obvious statement, relatively few companies have actually committed their plan to a formal strategy document. That’s what we’ll discuss today – the advantages of a formal document, and a template to get you started. The template comes from a CISO member of […]

NSTIC – it will prove our identity but will it protect our privacy?

Posted by Kevin on May 4, 2015

NSTIC, the National Strategy for Trusted Identities in Cyberspace, is an Obama initiative designed to make internet usage more secure for everyday users. It will do this by allowing third parties to vouch for our identity. In theory, this will allow us to stop using multiple passwords – instead, the third party will confirm our […]

Phishing: detection and prevention

Posted by Kevin on April 26, 2015

Organizations can be divided into those that have been successfully phished, and those that will be successfully phished. In fact, there is nothing more certain in life than death, taxes and phishing. At a recent internal roundtable discussion on the problem among CISO members of Wisegate, a poll showed that 100% of participants had been […]

EMV Rollout in the US – Keep Calm and Carry On

Posted by Kevin on April 20, 2015

Jeremy King, EMEA director of the PCI Security Standards Council, was talking to senior CISOs from major US finance, retail and pharmaceutical companies. His subject was the EMV chip and pin bank cards now coming to the US. The massive heists from Target, Home Depot and other US retail giants have made this inevitable, although […]

Where the CISO Fits in the Corporate Hierarchy

Posted by Kevin on April 13, 2015

The optimum position of the Chief Information Security Officer within the corporate hierarchy has been debated for years; and it’s not likely to be settled soon. Historically – and there’s a lot of logic to this – it belongs within and has emerged from IT. We still more often than not define the subject as IT […]

Coming soon: Insights into the world of CISOs

Posted by Kevin on April 6, 2015

Insights is a new weekly series commencing 13 April 2015. It will do what it says – provide insights into the world of Chief Information Security Officers (CISOs). Most of the articles we read about CISOs are journalists’ interpretations (usually spun to maximize impact) or vendors’ preferences (usually spun to maximize sales). This is different. […]