Search

Your search keyword '"CISO"' showing total 53 results
Start Over Descriptor "CISO" Publication Year Range Last 3 years
53 results on '"CISO"'

2. Teacher, enforcer, soothsayer, scapegoat : the purpose of the CISO in commercial organisations

Author

Da Silva, Joseph

Subjects
CISO, Cyber security, Interpretive research, Business and Society
Abstract

The employment of a Chief Information Security Officer (CISO) is common in commercial businesses. However, the purpose of the CISO role is not well understood. This thesis provides in-depth perspectives on the CISO role, and, in so doing, brings to the fore a nuanced understanding of its purpose and surfaces the experiences of those performing it. The thesis is grounded in an in-depth study of 18 UK-based but predominantly multinational organisations. It utilises semi-structured interviews with 15 CISOs and six senior organisational leaders, as well as an analysis of each organisation's annual report. Through the application of empirically-grounded sociological theories to an interpretation of the findings, the thesis makes theoretical, practical, methodological, and empirical contributions. These include employing broader security scholarship related to ontological security and sociological notions of identity work to determine that cyber security plays an important role in business identity, being both threat to, and constituent of, that identity. It shows that the CISO's own identity is conflicted and contradictory and proposes a metaphor of soothsaying that provides further insight. By applying analytical lenses of risk management and governance, it shows that the CISO represents an attempt to control cyber-security uncertainty, and highlights paradoxes relating to the role that the CISO plays in risk management. Further, it introduces the concept of recreancy to cyber-security practice. Cyber security is also explored in wider societal contexts, with the work of Thomas Hobbes used as an analytical lens. This indicates that cyber-security practices within businesses are beneficial to the state and shows that cyber-security threats are survival-level concerns feared by both states and businesses. Reflexivity in relation to the complex and enmeshed nature of cyber-security practice within broader society is also motivated by the thesis. The thesis concludes with considerations for future work that have been provoked by this research.

Published
2023

3. The adoption of a cybersecurity framework in a healthcare, surgical and oncological environment: Synergy-net a Campania FESR-POR (European Fund of Regional Development-Regional Operative Program) research project.

Author

Parmeggiani, Domenico, Moccia, Giancarlo, Torelli, Francesco, Miele, Francesco, Luongo, Pasquale, Sperlongano, Pasquale, Allaria, Alfredo, Sciarra, Antonella, De Falco, Nadia, Donnarumma, Maddalena, Colonnese, Chiara, Bassi, Paola, and Agresti, Massimo

Subjects
HEALTH Insurance Portability & Accountability Act, CHIEF information officers, INFORMATION technology security, MANAGEMENT information systems, INFORMATION resources management
Abstract

As with any other sector, the healthcare industry is also prone to cyber threats. Though the nature of threats is similar to any other industries, it does need to address sector-specifics risks along with security risks in its operating environments. Every day the Hospitals need to ensure that the information is adequately secured. Currently Chief Information Officer (CIOs) and Chief Information Security Officer (CISOs) are trying to protect their hospital Information Systems (IS) departments from security threats. It's imperative to take necessary measures to ensure risk management and business continuity. The paper addresses some of the challenges faced by healthcare organizations in the selection of a cyber-security framework by reviewing some of the common standards and frameworks that are used by healthcare organizations. The also paper highlights the advantages and disadvantages of each of the standards as: international organization for standardization (ISO)/IEC 27799, Health Insurance Portability and Accountability Act (HIPAA), HITRUST, Nation Institute of Standards and Technology (NIST) has developed the Cyber Security Framework (CSF) and General Data Protection Regulation (GDPR) and compare and the additional directives provided by this standards. [ABSTRACT FROM AUTHOR]

Published
2024

4. Cybersecurity Leadership: Delineating Secure Landscape.

Author

Kritika

Abstract

An organization’s ability to navigate the complex terrain of cyberspace depends heavily on the leadership. As organizations are increasingly going digital, there has been a corresponding rise in cybersecurity threats. Hence the need for a robust, efficient and effective cybersecurity leadership (Chief Information Security Officer, CISO) in the digital sphere. Leadership in cyberspace is a multifaceted and cross-functional approach, requiring vision, strategic acumen and commitment. The paper presents a thorough examination of the dynamic relationship between cybersecurity and leadership, cybersecurity leadership skills, role of CISOs, and cybersecurity challenges and solutions. [ABSTRACT FROM AUTHOR]

Published
2024

7. CISO: Co-iteration semi-supervised learning for visual object detection.

Author

Qi, Jianchun, Nguyen, Minh, and Yan, Wei Qi

Abstract

Semi-supervised learning offers a solution to the high cost and limited availability of manually labeled samples in supervised learning. In semi-supervised visual object detection, the use of unlabeled data can significantly enhance the performance of deep learning models. In this paper, we introduce an end-to-end framework, named CISO (Co-Iteration Semi-Supervised Learning for Object Detection), which integrates a knowledge distillation approach and a collaborative, iterative semi-supervised learning strategy. To maximize the utilization of pseudo-label data and address the scarcity of pseudo-label data due to high threshold settings, we propose a mean iteration approach where all unlabeled data is applied to each training iteration. Pseudo-label data with high confidence is extracted based on an ever-changing threshold (average intersection over union of all pseudo-labeled data). This strategy not only ensures the accuracy of the pseudo-label but also optimizes the use of unlabeled data. Subsequently, we apply a weak-strong data augmentation strategy to update the model. Lastly, we evaluate CISO using Swin Transformer model and conduct comprehensive experiments on MS-COCO. Our framework showcases impressive results, outperforms the state-of-the-art methods by 2.16 mAP and 1.54 mAP with 10% and 5% labeled data, respectively. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

8. The Information Security Function and the CISO in Colombia: 2010–2020

Author

Cano M., Jeimy J., Almanza J., Andrés R., Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Rocha, Álvaro, editor, Ferrás, Carlos, editor, and Ibarra, Waldo, editor

Published
2023
Full Text
View/download PDF

10. A Qualitative Exploration of Stressors Influencing Chief Information Security Officers (CISOs) Burnout.

Author

Mulgund, Pavankumar, Higgins, Kathryn, Singh, Raghvendra, Yafang Li, and Shaw Liam Chew

Subjects
PSYCHOLOGICAL burnout, ORGANIZATION management, DATA privacy, CORPORATE culture, WELL-being
Abstract

The role of Chief Information Security Officers (CISOs) is crucial in safeguarding organizations against cyber threats, but it comes with a significant burden. CISOs often work long hours, face a constantly evolving threat landscape, and must balance budget constraints with the need for comprehensive security measures. However, the responsibility can lead to burnout, which not only impacts CISOs' well-being but also the organization's security posture. To prevent CISO burnout, it is crucial to identify the factors influencing it. Through interviews with 11 CISOs, we identified five types of stressors relevant to burnout, including organizational culture related stressors, resources related stressors, job responsibilities related stressors, contextual factors, and emerging stressors. Addressing these stressors and providing support to mitigate the identified stressors is crucial to prevent burnout, support CISOs' well-being, and maintain their effectiveness in their role, which is critical in protecting organizations from cyber threats. [ABSTRACT FROM AUTHOR]

Published
2023

11. Organizational aspects of cybersecurity in German family firms – Do opportunities or risks predominate?

Author

Patrick Sven Ulrich, Alice Timmermann, and Vanessa Frank

Subjects
Cybercrime, Cyber risks, Cybersecurity, Family firms, Empirical study, CISO, Information technology, T58.5-58.64, Management information systems, T58.6-58.62
Abstract

Purpose – The starting point for the considerations the authors make in this paper are the special features of family businesses in the area of management discussed in the literature. It has been established here that family businesses sometimes choose different organizational setups than nonfamily businesses. This has not yet been investigated for cybersecurity. In the context of cybersecurity, there has been little theoretical or empirical work addressing the question of whether the qualitative characteristics of family businesses have an impact on the understanding of cybersecurity and the organization of cyber risk defense in the companies. Based on theoretically founded hypotheses, a quantitative empirical study was conducted in German companies. Design/methodology/approach – The article is based on a quantitative-empirical survey of 184 companies, the results of which were analyzed using statistical-empirical methods. Findings – The article asked – based on the subjective perception of cybersecurity and cyber risks – to what extent family businesses are sensitized to the topic and what conclusions they draw from it. An interesting tension emerges: family businesses see their employees more as a security risk, but do less than nonfamily businesses in terms of both training and organizational establishment. Whether this is due to a lack of technical or managerial expertise, or whether family businesses simply think they can prevent cybersecurity with less formal methods such as trust, is open to conjecture, but cannot be demonstrated with the research approach taken here. Qualitative follow-up studies are needed here. Originality/value – This paper represents the first quantitative survey on cybersecurity with a specific focus on family businesses. It shows tension between awareness, especially of risks emanating from employees, and organizational routines that have not been implemented or established.

Published
2022
Full Text
View/download PDF

13. How Google Cloud's Information Security Chief Is Preparing For AI Attackers.

Author

Nieva, Richard

Subjects
INFORMATION technology security, CLOUD computing, ARTIFICIAL intelligence, INTERNET security, CONSULTANTS
Abstract

Phil Venables, an honoree of the 2024 Forbes CIO Next list, helps other companies safeguard their systems on Google's cloud, acting like a "trusted advisor." [ABSTRACT FROM AUTHOR]

Published
2024

14. What The SolarWinds Case Means For CISOs And Corporate Cybersecurity.

Author

Poinski, Megan

Subjects
DISCLOSURE, INTERNET security, PROSECUTION, CRIMINALS
Abstract

Bitsight's Derek Vadala says the SEC's decision to prosecute the company and its CISO led organizations to reconsider online disclosures and personal risks. [ABSTRACT FROM AUTHOR]

Published
2024

15. Why This Cybersecurity CEO Says The CISO Has To Go.

Author

Poinski, Megan

Subjects
INFORMATION technology, INTERNET security, SECURITY systems, CHIEF executive officers, HIGH technology industries
Abstract

J.J. Guy of Sevco Security says having separate teams handling IT systems and security make it difficult to effectively protect companies from digital threats. [ABSTRACT FROM AUTHOR]

Published
2024

16. World Economic Forum spotlights growing gap in cyber readiness.

Author

Kapko, Matt

Subjects
CHIEF risk officers, ECOLOGICAL resilience, SUPPLY chain disruptions, FRAUD, RANSOMWARE
Abstract

The World Economic Forum's Global Cybersecurity Outlook for 2025 highlights ransomware as the top organizational cyber risk, with nearly half of respondents expressing concern about ransomware attacks. The report reveals a significant gap in cyber readiness between large enterprises and small organizations, with small organizations feeling inadequately prepared for cyber risks. Supply chain challenges and fraud from digital threats are identified as major barriers to cyber resiliency, emphasizing the need for improved cybersecurity measures across organizations of all sizes. [Extracted from the article]

Published
2025

17. 4 cybersecurity trends to watch in 2025.

Author

Jones, David and Kapko, Matt

Subjects
DATA privacy, INFORMATION technology, CHIEF risk officers, MULTI-factor authentication, BLACK swan theory, RANSOMWARE
Abstract

The article "4 cybersecurity trends to watch in 2025" highlights the challenges and trends in the cybersecurity industry. It discusses the proliferation of single points of failure in IT systems, the evolving regulatory landscape impacting CISOs, and ongoing attacks on U.S. telecom networks. The role of the CISO is also evolving, with increased focus on risk mitigation and compliance. The article emphasizes the need for businesses to address vulnerabilities and adapt to the changing cybersecurity landscape. [Extracted from the article]

Published
2025

18. T-Mobile undeterred as telecom sector reels from attack campaign.

Author

Kapko, Matt

Subjects
INFRASTRUCTURE (Economics), TELECOMMUNICATION systems, MULTI-factor authentication, 4G networks, TELECOMMUNICATION
Abstract

T-Mobile has faced multiple cybersecurity breaches, including a significant data breach in 2021 that exposed personal data of millions. Despite this, T-Mobile successfully prevented a recent attack by a threat group linked to China, known as Salt Typhoon, from accessing sensitive customer data. T-Mobile's Chief Security Officer credited their revamped internal cybersecurity efforts for deterring the attacker. The company has made significant investments in cybersecurity, including implementing multifactor authentication to prevent credential theft, showcasing a commitment to improving cybersecurity measures. [Extracted from the article]

Published
2024

19. Cyber-Resiliency for Digital Enterprises: A Strategic Leadership Perspective

Author

Jeremy Zwiegelaar, Charles Booth, Vikas Kumar, and John Loonam

Subjects
business.industry, Business process, Strategy and Management, Corporate governance, media_common.quotation_subject, Cyber Security, Leadership, CIO, CISO, Qualitative inquiry, Interviews, 05 social sciences, Mindset, Information security, Public relations, Management, Officer, Strategic leadership, Transformational leadership, 0502 economics and business, Psychological resilience, Electrical and Electronic Engineering, business, 050203 business & management, media_common
Abstract

As organizations increasingly view information as one of their most valuable assets, which supports the creation and distribution of their products and services, information security will be an integral part of the design and operation of organizational business processes. Yet, risks associated with cyber attacks are on the rise. Organizations that are subjected to attacks can suffer significant reputational damage as well as loss of information and knowledge. As a consequence, effective leadership is cited as a critical factor for ensuring corporate level attention for information security. However, there is a lack of empirical understanding as to the roles strategic leaders play in shaping and supporting the cyber security strategy. This study seeks to address this gap in the literature by focusing on how senior leaders support the cyber security strategy. The authors conducted a series of exploratory interviews with leaders in the positions of Chief Information Officer, Chief Security Information Officer, and Chief Technology Officer. The findings revealed that leaders are engaged in both transitional, where the focus is on improving governance and integration, and transformational support, which involves fostering a new cultural mindset for cyber resiliency and the development of an ecosystem approach to security thinking. Managerial relevance statement Our findings provide interesting insights for managers particularly those in the role of Chief Information Officers (CIOs), Chief Security Information Officers (CSIOs), and Chief Technology Officers (CTOs). We propose a Cyber Security Strategy Framework (CSSF) which can be used by these information/technology managers to design an effective organizational strategy to develop cyber resilience in their organization. Our framework suggests that managers should focus on transitional and transformational support. The transitional support focuses on improving governance and integration whereas transformational support focuses on the emphasis of fostering a new cultural mindset for cyber resiliency and the development of an ecosystem approach to security thinking. Our findings provide good evidence showing how leaders can support more effective cyber security initiatives.

Published
2022
Full Text
View/download PDF

20. Who should be in the room when purchasing cyber insurance?

Author

Hedberg, Peter

Subjects
CYBERTERRORISM, ELECTRONIC commerce, RANSOMWARE, INFORMATION technology, INFORMATION superhighway
Abstract

The article emphasizes that cybersecurity should take the lead when evaluating cyber insurance policies. Topics include the importance of strong security controls and an incident-response plan in mitigating risks and improving insurability, the growing trend of organizations enhancing their security measures to meet insurer requirements, and the crucial role of the Chief Information Security Officer (CISO) in evaluating and selecting cyber insurance policies.

Published
2024

21. UnitedHealth Group names new CISO 8 months after massive ransomware attack.

Author

Kapko, Matt

Subjects
INTERNET security, DATA protection
Abstract

The article focuses on UnitedHealth Group's appointment of a new Chief Information Security Officer following a major ransomware attack, with topics including cybersecurity leadership, improved data protection measures, and strategies for incident response.

Published
2024

22. CISOs are gaining influence among corporate leadership.

Author

Jones, David

Subjects
LEADERSHIP, INTERNET security, CHIEF executive officers, EXECUTIVES, INVESTMENTS
Abstract

The article offers information on the increasing influence of Chief Information Security Officers (CISOs) within corporate leadership as organizations prioritize cybersecurity risk management. Topics include the growing participation of CISOs in strategic technology discussions; the trend of CISOs reporting directly to CEOs; and the evolving role of cybersecurity in shaping companies' technology investments and compliance with regulatory requirements.

Published
2024

23. Majority of global CISOs want to split roles as regulatory burdens grow.

Author

Jones, David

Subjects
CHIEF information officers, COMPUTER hackers, COMPUTER security, COMPUTER crimes, COMPUTER networks
Abstract

The article offers information on the growing consensus among Chief Information Security Officers (CISOs) that their roles should be divided into two separate positions due to increasing regulatory and financial responsibilities. Topics include insights from a recent Trellix and Vanson Bourne report indicating that a majority of CISOs advocate for a technical security role and a compliance-focused position, as well as concerns about heightened personal liability from regulatory changes.

Published
2024

24. CISOs, C-suite remain at odds over corporate cyber resilience.

Author

Jones, David

Subjects
INFORMATION technology, SENIOR leadership teams, INTERNET security, EXECUTIVES
Abstract

The article focuses on the challenges security and IT (information technology) executives encounter in conveying cyber resilience strategies to C-suite leadership, following the SEC's (U.S. Securities and Exchange Commission) vote on incident disclosure. It highlights a significant perception gap, with technology leaders viewing cybersecurity as a critical risk, while business executives prioritize other concerns, resulting in limited CISO involvement in strategic planning.

Published
2024

25. Microsoft names deputy CISOs, flushes dead accounts as part of internal security overhaul.

Author

Jones, David

Subjects
INTERNET security, CORPORATE reorganizations, CHIEF information officers, INTERNAL security
Abstract

The article reports on the launch of a Cybersecurity Governance Council by Microsoft as part of a restructuring of its internal security culture following a report from the federal Cyber Safety Review. Topics include duty of the council, the naming of 13 deputy chief information security officers (CISOs) by Microsoft that will be responsible for specific product segments within the company, and internal changes detailed by Microsoft to reduce risk in its cloud and production environment.

Published
2024

26. Kevin Mandia's 5 question confidence test for CISOs.

Author

Kapko, Matt

Subjects
CHIEF information officers, SECURITY management, DIGITAL currency, EXECUTIVES
Abstract

The article presents the discussion on Kevin Mandia's advice to CEOs and boards on evaluating the effectiveness of their Chief Information Security Officers (CISOs), emphasizing the importance of having a security-minded CISO for a strong security program. Topics include Mandia's perspective on the challenges of cybersecurity, the asymmetric nature of cyberthreats; and the five questions he developed to help executives gauge their CISO's capabilities.

Published
2024

27. Difendere e creare valore con la cybersecurity

Author

DE NICOLA, Manuel

Subjects
creazione di valore, cybersecurity, Controllo di gestione, CISO, risk management, Controllo di gestione, CISO, creazione di valore, cybersecurity, risk management
Published
2023

28. 3 tips to building a robust AI security strategy.

Author

Chuvakin, Anton

Subjects
ARTIFICIAL intelligence, INTERNET security, DATA encryption, RISK assessment, SECURITY management
Abstract

The article focuses on building a comprehensive Artificial Intelligence (AI) security strategy. Topics include implementing guardrails with human oversight and technical controls, prioritizing security architecture and technical measures to protect AI, and developing a robust cyber strategy to address evolving threats.

Published
2024

29. 3 CIO lessons for maximizing cybersecurity investments.

Author

Wilkinson, Lindsey

Subjects
CHIEF information officers, INTERNET security, RATE of return, SENIOR leadership teams, ORGANIZATIONAL change
Abstract

The article focuses on three critical lessons for CIOs (Chief Information Officer) to maximize cybersecurity investments, emphasizing the importance of taking stock of existing assets, identifying gaps, and clearly demonstrating the value of investments. It highlights how, despite increasing awareness of cybersecurity risks, tech leaders must still effectively communicate the Return on Investment of their investments to the C-suite to secure necessary resources and drive organizational change.

Published
2024

30. Microsoft Deputy CISO recounts responding to the CrowdStrike outage.

Author

Kapko, Matt

Subjects
COMPUTER software, INTERNET security, SUPPLY chains
Abstract

The article focuses on Microsoft Deputy CISO Ann Johnson's experience responding to a major information technology (IT) outage caused by a CrowdStrike software update. Topics include the collective industry effort to resolve the crisis, the importance of collaboration across competitors during such events, and Johnson's reflections on the resilience and power of the cybersecurity community in overcoming adversity.

Published
2024

31. Are cybersecurity professionals OK?

Author

Kapko, Matt

Subjects
PROFESSIONAL employees, INTERNET security, JOB stress, PSYCHOLOGICAL burnout, MENTAL health, PSYCHOLOGICAL adaptation, CYBERTERRORISM
Abstract

The article offers a look at the personal tools of the job of cybersecurity professionals. Topics discussed include stress and burnout brought by cybersecurity work, the need for cybersecurity professionals to separate their personal lives from their job, coping mechanisms such as personal therapy and seeking mental health assistance, and maintaining the right balance with a reflective perspective to deal with the psychologically impact of cyberattacks.

Published
2024

32. SolarWinds legal ruling expected to narrow, but maintain SEC oversight on cyber transparency.

Author

Jones, David

Subjects
FRAUD, INTERNET security, PUBLIC companies
Abstract

The article reports that a federal court's decision to dismiss most civil fraud charges against SolarWinds could influence the U.S. Securities and Exchange Commission (SEC's) approach to regulating cyber risk disclosures. Topics include the implications for SolarWinds and its CISO, the potential limitations on SEC enforcement, and the broader impact on cybersecurity transparency requirements for public companies.

Published
2024

33. CrowdStrike CEO's quick apology stands out in an industry rife with deflection.

Author

Kapko, Matt

Subjects
INTERNET security, SUPPLY chains, COMPUTER security
Abstract

The article discusses CrowdStrike Chief Executive Officer George Kurtz's rare and heartfelt apology for a software update that caused a global IT outage. Topics include the unusual transparency and apology from CrowdStrike executives in response to a major industry crisis; the significant damage to the company's reputation and the broader impact on the global economy; and the potential lessons for the cybersecurity industry regarding accountability and crisis management.

Published
2024

34. What does your CEO need to know about cybersecurity?

Author

Miller, Jen A.

Subjects
CHIEF executive officers, INTERNET security, CYBERTERRORISM, CORPORATE governance, NATIONAL security
Abstract

The article focuses on the heightened accountability of CEOs (chief executive officers) in cybersecurity, emphasizing their evolving role in mitigating risks and ensuring resilience against cyber threats. It underscores the shift where CEOs are expected to integrate cybersecurity into business strategy and face legal repercussions for breaches, reflecting broader implications for corporate governance and national security.

Published
2024

35. Snowflake allows admins to enforce MFA as breach investigations conclude.

Author

Kapko, Matt

Subjects
MULTI-factor authentication, CYBERTERRORISM, DATA warehousing, INTERNET security
Abstract

The article focuses on a cloud-based data warehousing company, Snowflake's recent security policy changes regarding multifactor authentication (MFA) following targeted attacks on customer environments. It highlights Snowflake's decision to give administrators greater control over MFA enforcement without making it mandatory, reflecting a strategic response to recent incidents.

Published
2024

36. As CISOs grapple with the C-suite, job satisfaction takes a hit.

Author

Poremba, Sue

Subjects
JOB satisfaction, INTERNET security, CHIEF information officers, CYBERTERRORISM, WAGES
Abstract

The article focuses on the critical issue of job satisfaction among Chief Information Security Officers (CISOs), highlighting its direct correlation with their access to organizational leadership. It discusses how despite lucrative salaries, many CISOs are considering job changes due to feeling scapegoated for cyber incidents and compliance failures. It emphasizes the importance of integrating CISOs into board-level discussions to enhance organizational cybersecurity resilience.

Published
2024

37. Supreme Court ruling on Chevron doctrine may upend future cybersecurity regulation.

Author

Jones, David

Subjects
INTERNET security, GOVERNMENT agencies, ADMINISTRATIVE law
Abstract

The article focuses on the implications of the U.S. Supreme Court's decision to overturn the Chevron doctrine on cybersecurity regulation. Topics include potential legal challenges to recent cybersecurity measures, impacts on the Cyber Incident Reporting for Critical Infrastructure Act, and the need for federal agencies to seek more explicit authority from Congress when creating future cybersecurity regulations.

Published
2024

38. What we know about the Snowflake customer attacks.

Author

Kapko, Matt

Subjects
CYBERTERRORISM, MALWARE, DATA warehousing, IDENTIFICATION documents
Abstract

The article focuses on a wave of cyberattacks targeting a cloud-based data warehousing platform, Snowflake customer environments over the past two months. It is reported that these attacks have affected at least 100 confirmed Snowflake customers, with approximately 165 businesses potentially exposed. It is further noted that the attacks involve stolen credentials obtained from malware infections on non-Snowflake systems rather than vulnerabilities within Snowflake's own systems.

Published
2024

39. Few CFOs control cybersecurity budgets.

Author

Sadovi, Maura Webber

Subjects
INTERNET security, CYBERTERRORISM, CHIEF financial officers, EXECUTIVES, BUDGET
Abstract

The article delves into the dynamics of cybersecurity budget allocation within companies, highlighting the roles of different executives, particularly CFOs (chief financial officer) and tech executives. It reveals that while cybersecurity budgets often fall under the purview of tech executives, there's a growing argument for CFOs to take a more active role due to the financial implications of cyberattacks.

Published
2024

40. White House wants to harmonize the breadth of cybersecurity regulations.

Author

Jones, David

Subjects
INTERNET security, PRIVATE sector, DISCLOSURE, RECIPROCITY (International law)
Abstract

The article reports that the Joe Biden administration unveiled a plan to harmonize various cybersecurity regulations across federal, state, and international levels to enhance cyber resilience in the private sector and critical infrastructure. Topics include simplifying the reporting process to reduce duplicate disclosure requirements, developing a pilot reciprocity framework to streamline administrative burdens, and seeking legislative support to address regulatory redundancies.

Published
2024

41. CISOs under pressure from boards to downplay cyber risk: study.

Author

Jones, David

Subjects
LAW enforcement, INFORMATION technology, INTERNET security, CORPORATE directors, DATA security failures
Abstract

The article focuses on the pressure that Chief Information Security Officers (CISOs) and Information Technology (IT) security leaders face from corporate boards to downplay cyber risk severity. Topics include the tension between corporate executives and security operations, regulatory requirements for disclosing cyber incidents, and differing views on board pressure and alignment between CISOs and company executives.

Published
2024

42. Popular LLMs are insecure, UK AI Safety Institute warns.

Author

Wilkinson, Lindsey

Subjects
LANGUAGE models, INTERNET security, BUSINESS enterprises, VENDORS (Real property), ARTIFICIAL intelligence
Abstract

The article reports that large language models (LLMs) lack effective built-in safeguards against basic jailbreaks and can produce harmful outputs even without dedicated attempts to bypass their protections, according to research from the UK AI Safety Institute. Topics include the rising security concerns as AI becomes more prevalent in enterprise technology, the need for internal safeguards alongside vendor-embedded safety measures, and government-led initiatives to enhance AI safety testing.

Published
2024

43. Cybersecurity leaders expect their SOC budgets to grow, KPMG finds.

Author

Sadovi, Maura Webber

Subjects
INTERNET security, BREACH of contract
Abstract

The article presents the discussion on cybersecurity leaders reported their security operations center was hit by a recent cyberattack that led to a security breach including security leaders spend SOC money showing the allocations of the SOC budget spread across center's activities.

Published
2024

44. What is success in cybersecurity? Failing less.

Author

Kapko, Matt

Subjects
INTERNET security, INVESTMENTS, CYBERTERRORISM, BUSINESS enterprises, ASSOCIATIONS, institutions, etc.
Abstract

The article delves into the concept of success in cybersecurity, emphasizing the importance of mitigating risks and minimizing the impact of incidents rather than striving for complete prevention. It discusses the evolving nature of cyber threats and the need for organizations to focus on response strategies, investments in defense, and demonstrating the value of cybersecurity efforts to the broader business.

Published
2024

45. The art of threat modeling: 3 frameworks to know.

Author

Dupre, William

Subjects
COMPUTER network security, CYBERTERRORISM, COMPUTER operating systems, COMPUTER simulation, SIMULATION methods & models
Abstract

The author discusses security threats that could impact systems of organizations and explores threat modeling that may be used to identify exposures and mitigations in a system. He tackles the concept of threat modeling. He explains how to use the three threat models, which includes STRIDE and LINDDUN. He offers tips when considering who to involve in threat modeling.

Published
2024

46. Cybersecurity jobs pay well, but gender disparities persist.

Author

Kapko, Matt

Subjects
INTERNET security, MINIMUM wage, EMPLOYEE seniority, LABOR supply, GENDER wage gap
Abstract

The article focuses on the financial landscape of U.S. cybersecurity jobs, highlighting significant pay disparities between genders despite strong average annual salaries. Topics include the average annual base salary of 147,138, U.S. dollars the variations in salaries across different seniority levels, and the lasting gender pay gaps persisting in the cybersecurity sector.

Published
2024

47. CISO role shows significant gains amid corporate recognition of cyber risk.

Author

Jones, David

Subjects
INTERNET security, SECURITY management, CORPORATE governance, RISK assessment, BUSINESS enterprises
Abstract

The article highlights the rising importance of Chief Information Security Officers (CISOs) and senior cybersecurity executives within companies, as revealed by a report from Moody's Ratings. It discusses the increasing direct reporting of cybersecurity managers to top-level company executives, particularly CEOs, and the greater scrutiny faced by CISOs following recent high-profile cyberattacks.

Published
2024

48. How CISO salaries are faring as businesses ask more of security.

Author

Poremba, Sue

Subjects
CHIEF information officers, WAGES, INTERNET security, ORGANIZATIONAL transparency, COMPENSATION (Law)
Abstract

The article focuses on the salaries of Chief Information Security Officers (CISOs), highlighting their significant compensation packages, often surpassing six figures, and the increasing importance of their role within organizations due to cybersecurity risks. Topics include the impact of technical skills on salary, the influence of salary transparency laws on compensation trends, and the ongoing challenge of recognizing the value of security in relation to compensation.

Published
2024

49. AWS CISO: Generative AI is just a tool, 'not a magic wand'.

Author

Kapko, Matt

Subjects
GENERATIVE artificial intelligence, LEADERSHIP, SECURITY management
Abstract

The article discusses Amazon Web Services Chief Information Security Officer Chris Betz's perspective on generative Artificial Intelligence (AI) in cybersecurity, emphasizing its role as a tool rather than a magical solution. Topics include security tools, cloud technology use, and leadership strategies in navigating the potential of generative AI in the industry.

Published
2024

50. Why Okta is overhauling its priorities, culture around security.

Author

Kapko, Matt

Subjects
INTERNET security, CYBERTERRORISM, CLIENTS, RESOURCE management
Abstract

The article focuses on Okta's decision to overhaul its priorities and culture around security due to a series of attacks targeting both the company and its customers' environments since 2022. It reports that Okta executives have paused product development and redirected resources to prioritize security following a significant attack on its support portal in September, which exposed all of its customer support system clients, guiding the company's path forward.

Published
2024

Catalog

Books, media, physical & digital resources
See catalog results