Search

Your search keyword '"CISO"' showing total 106 results
Start Over Descriptor "CISO"
106 results on '"CISO"'

2. Teacher, enforcer, soothsayer, scapegoat : the purpose of the CISO in commercial organisations

Author

Da Silva, Joseph

Subjects
CISO, Cyber security, Interpretive research, Business and Society
Abstract

The employment of a Chief Information Security Officer (CISO) is common in commercial businesses. However, the purpose of the CISO role is not well understood. This thesis provides in-depth perspectives on the CISO role, and, in so doing, brings to the fore a nuanced understanding of its purpose and surfaces the experiences of those performing it. The thesis is grounded in an in-depth study of 18 UK-based but predominantly multinational organisations. It utilises semi-structured interviews with 15 CISOs and six senior organisational leaders, as well as an analysis of each organisation's annual report. Through the application of empirically-grounded sociological theories to an interpretation of the findings, the thesis makes theoretical, practical, methodological, and empirical contributions. These include employing broader security scholarship related to ontological security and sociological notions of identity work to determine that cyber security plays an important role in business identity, being both threat to, and constituent of, that identity. It shows that the CISO's own identity is conflicted and contradictory and proposes a metaphor of soothsaying that provides further insight. By applying analytical lenses of risk management and governance, it shows that the CISO represents an attempt to control cyber-security uncertainty, and highlights paradoxes relating to the role that the CISO plays in risk management. Further, it introduces the concept of recreancy to cyber-security practice. Cyber security is also explored in wider societal contexts, with the work of Thomas Hobbes used as an analytical lens. This indicates that cyber-security practices within businesses are beneficial to the state and shows that cyber-security threats are survival-level concerns feared by both states and businesses. Reflexivity in relation to the complex and enmeshed nature of cyber-security practice within broader society is also motivated by the thesis. The thesis concludes with considerations for future work that have been provoked by this research.

Published
2023

3. The adoption of a cybersecurity framework in a healthcare, surgical and oncological environment: Synergy-net a Campania FESR-POR (European Fund of Regional Development-Regional Operative Program) research project.

Author

Parmeggiani, Domenico, Moccia, Giancarlo, Torelli, Francesco, Miele, Francesco, Luongo, Pasquale, Sperlongano, Pasquale, Allaria, Alfredo, Sciarra, Antonella, De Falco, Nadia, Donnarumma, Maddalena, Colonnese, Chiara, Bassi, Paola, and Agresti, Massimo

Subjects
HEALTH Insurance Portability & Accountability Act, CHIEF information officers, INFORMATION technology security, MANAGEMENT information systems, INFORMATION resources management
Abstract

As with any other sector, the healthcare industry is also prone to cyber threats. Though the nature of threats is similar to any other industries, it does need to address sector-specifics risks along with security risks in its operating environments. Every day the Hospitals need to ensure that the information is adequately secured. Currently Chief Information Officer (CIOs) and Chief Information Security Officer (CISOs) are trying to protect their hospital Information Systems (IS) departments from security threats. It's imperative to take necessary measures to ensure risk management and business continuity. The paper addresses some of the challenges faced by healthcare organizations in the selection of a cyber-security framework by reviewing some of the common standards and frameworks that are used by healthcare organizations. The also paper highlights the advantages and disadvantages of each of the standards as: international organization for standardization (ISO)/IEC 27799, Health Insurance Portability and Accountability Act (HIPAA), HITRUST, Nation Institute of Standards and Technology (NIST) has developed the Cyber Security Framework (CSF) and General Data Protection Regulation (GDPR) and compare and the additional directives provided by this standards. [ABSTRACT FROM AUTHOR]

Published
2024

4. Cybersecurity Leadership: Delineating Secure Landscape.

Author

Kritika

Abstract

An organization’s ability to navigate the complex terrain of cyberspace depends heavily on the leadership. As organizations are increasingly going digital, there has been a corresponding rise in cybersecurity threats. Hence the need for a robust, efficient and effective cybersecurity leadership (Chief Information Security Officer, CISO) in the digital sphere. Leadership in cyberspace is a multifaceted and cross-functional approach, requiring vision, strategic acumen and commitment. The paper presents a thorough examination of the dynamic relationship between cybersecurity and leadership, cybersecurity leadership skills, role of CISOs, and cybersecurity challenges and solutions. [ABSTRACT FROM AUTHOR]

Published
2024

7. CISO: Co-iteration semi-supervised learning for visual object detection.

Author

Qi, Jianchun, Nguyen, Minh, and Yan, Wei Qi

Abstract

Semi-supervised learning offers a solution to the high cost and limited availability of manually labeled samples in supervised learning. In semi-supervised visual object detection, the use of unlabeled data can significantly enhance the performance of deep learning models. In this paper, we introduce an end-to-end framework, named CISO (Co-Iteration Semi-Supervised Learning for Object Detection), which integrates a knowledge distillation approach and a collaborative, iterative semi-supervised learning strategy. To maximize the utilization of pseudo-label data and address the scarcity of pseudo-label data due to high threshold settings, we propose a mean iteration approach where all unlabeled data is applied to each training iteration. Pseudo-label data with high confidence is extracted based on an ever-changing threshold (average intersection over union of all pseudo-labeled data). This strategy not only ensures the accuracy of the pseudo-label but also optimizes the use of unlabeled data. Subsequently, we apply a weak-strong data augmentation strategy to update the model. Lastly, we evaluate CISO using Swin Transformer model and conduct comprehensive experiments on MS-COCO. Our framework showcases impressive results, outperforms the state-of-the-art methods by 2.16 mAP and 1.54 mAP with 10% and 5% labeled data, respectively. [ABSTRACT FROM AUTHOR]

Published
2024
Full Text
View/download PDF

8. The Information Security Function and the CISO in Colombia: 2010–2020

Author

Cano M., Jeimy J., Almanza J., Andrés R., Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Rocha, Álvaro, editor, Ferrás, Carlos, editor, and Ibarra, Waldo, editor

Published
2023
Full Text
View/download PDF

10. Integrated Approach to Assessing the Progress of Digital Transformation by Using Multiple Objective and Subjective Indicators

Author

Borissova, Daniela, Dimitrova, Zornitsa, Naidenov, Naiden, Yoshinov, Radoslav, van der Aalst, Wil, Series Editor, Mylopoulos, John, Series Editor, Ram, Sudha, Series Editor, Rosemann, Michael, Series Editor, Szyperski, Clemens, Series Editor, Guizzardi, Renata, editor, Ralyté, Jolita, editor, and Franch, Xavier, editor

Published
2022
Full Text
View/download PDF

11. A Qualitative Exploration of Stressors Influencing Chief Information Security Officers (CISOs) Burnout.

Author

Mulgund, Pavankumar, Higgins, Kathryn, Singh, Raghvendra, Yafang Li, and Shaw Liam Chew

Subjects
PSYCHOLOGICAL burnout, ORGANIZATION management, DATA privacy, CORPORATE culture, WELL-being
Abstract

The role of Chief Information Security Officers (CISOs) is crucial in safeguarding organizations against cyber threats, but it comes with a significant burden. CISOs often work long hours, face a constantly evolving threat landscape, and must balance budget constraints with the need for comprehensive security measures. However, the responsibility can lead to burnout, which not only impacts CISOs' well-being but also the organization's security posture. To prevent CISO burnout, it is crucial to identify the factors influencing it. Through interviews with 11 CISOs, we identified five types of stressors relevant to burnout, including organizational culture related stressors, resources related stressors, job responsibilities related stressors, contextual factors, and emerging stressors. Addressing these stressors and providing support to mitigate the identified stressors is crucial to prevent burnout, support CISOs' well-being, and maintain their effectiveness in their role, which is critical in protecting organizations from cyber threats. [ABSTRACT FROM AUTHOR]

Published
2023

12. Organizational aspects of cybersecurity in German family firms – Do opportunities or risks predominate?

Author

Patrick Sven Ulrich, Alice Timmermann, and Vanessa Frank

Subjects
Cybercrime, Cyber risks, Cybersecurity, Family firms, Empirical study, CISO, Information technology, T58.5-58.64, Management information systems, T58.6-58.62
Abstract

Purpose – The starting point for the considerations the authors make in this paper are the special features of family businesses in the area of management discussed in the literature. It has been established here that family businesses sometimes choose different organizational setups than nonfamily businesses. This has not yet been investigated for cybersecurity. In the context of cybersecurity, there has been little theoretical or empirical work addressing the question of whether the qualitative characteristics of family businesses have an impact on the understanding of cybersecurity and the organization of cyber risk defense in the companies. Based on theoretically founded hypotheses, a quantitative empirical study was conducted in German companies. Design/methodology/approach – The article is based on a quantitative-empirical survey of 184 companies, the results of which were analyzed using statistical-empirical methods. Findings – The article asked – based on the subjective perception of cybersecurity and cyber risks – to what extent family businesses are sensitized to the topic and what conclusions they draw from it. An interesting tension emerges: family businesses see their employees more as a security risk, but do less than nonfamily businesses in terms of both training and organizational establishment. Whether this is due to a lack of technical or managerial expertise, or whether family businesses simply think they can prevent cybersecurity with less formal methods such as trust, is open to conjecture, but cannot be demonstrated with the research approach taken here. Qualitative follow-up studies are needed here. Originality/value – This paper represents the first quantitative survey on cybersecurity with a specific focus on family businesses. It shows tension between awareness, especially of risks emanating from employees, and organizational routines that have not been implemented or established.

Published
2022
Full Text
View/download PDF

14. How Google Cloud's Information Security Chief Is Preparing For AI Attackers.

Author

Nieva, Richard

Subjects
INFORMATION technology security, CLOUD computing, ARTIFICIAL intelligence, INTERNET security, CONSULTANTS
Abstract

Phil Venables, an honoree of the 2024 Forbes CIO Next list, helps other companies safeguard their systems on Google's cloud, acting like a "trusted advisor." [ABSTRACT FROM AUTHOR]

Published
2024

15. The Impact of CISO Appointment Announcements on the Market Value of Firms.

Author

Ford, Adrian, Al-Nemrat, Ameer, Ghorashi, Seyed Ali, and Davidson, Julia

Abstract

Previous studies concerning the economic impact of security events on publicly listed companies have focussed on the negative effect of data breaches and cyberattacks with a view to encouraging firms to improve their cyber security posture to avoid such incidents. This paper is an initial study on the impact of investment in human capital related to security, specifically appointments of chief information security officers (CISO), chief security officers (CSO) or similar overall head of security roles. Using event study techniques, a dataset of 37 CISO type appointment announcements spanning multiple world markets between 2012 and 2019 was analysed and statistically significant (at the 5% level) positive cumulative abnormal returns (CAR) of around 0.8% on average were observed over the three-day period before, during and after the announcement. Furthermore, this positive CAR was found to be highest, at nearly 1.8% on average, within the financial services sector and showing statistical significance at the 1% level. In addition to the industry sector, other characteristics were investigated such as job title, reporting structure, comparison of internal versus external appointments, gender and variations between markets. Although these findings were not as conclusive they are, nevertheless, good pointers for future research in this area. This overall positive market reaction to CISO related announcements is a strong case for publicly listed firms to be transparent in such appointments and to, perhaps, review where that function sits within their organisation to ensure it delivers the greatest benefits. As 24% of the firms analysed were listed outside the US, this study also begins to counter the strong US bias seen in similar and related studies. This research is expected to be of interest to business management, cyber security practitioners, investors and shareholders as well as researchers in cyber security or related fields. [ABSTRACT FROM AUTHOR]

Published
2022
Full Text
View/download PDF

16. Future Needs of the Cybersecurity Workforce.

Author

Justice, Connie, Sample, Char, Sin Ming Loo, Ball, Alex, and Hampton, Clay

Abstract

Expected growth of the job market for cyber security professionals in both the US and the UK remains strong for the foreseeable future. While there are many roles to be found in cyber security, that vary from penetration tester to chief information security officer (CISO). One job of particular interest is security architect. The rise in Zero Trust Architecture (ZTA) implementations, especially in the cloud environment, promises an increase in the demand for these security professionals. A security architect requires a set of knowledge, skills, and abilities covering the responsibility for integrating the various security components to successfully support an organization’s goals. In order to achieve the goal of seamless integrated security, the architect must combine technical skills with business, and interpersonal skills. Many of these same skills are required of the CISO, suggesting that the role of security architect may be a professional stepping-stone to the role of CISO. We expected degreed programs to offer courses in security architecture. Accredited university cyber security programs in the United Kingdom (UK) and the United States of America (USA) were examined for course offerings in security architecture. Results found the majority of programs did not offer a course in security architecture. Considering the role of the universities in preparing C-suite executives, the absence of cyber security architecture offerings is both troubling and surprising. [ABSTRACT FROM AUTHOR]

Published
2022
Full Text
View/download PDF

17. What The SolarWinds Case Means For CISOs And Corporate Cybersecurity.

Author

Poinski, Megan

Subjects
DISCLOSURE, INTERNET security, PROSECUTION, CRIMINALS
Abstract

Bitsight's Derek Vadala says the SEC's decision to prosecute the company and its CISO led organizations to reconsider online disclosures and personal risks. [ABSTRACT FROM AUTHOR]

Published
2024

18. The Soft Skills Business Demands of the Chief Information Security Officer.

Author

Smit, Richard, van Yperen Hagedoorn, Jeroen M. J., Versteeg, Patric, and Ravesteijn, Pascal

Subjects
CHIEF information officers, BUSINESS skills, SOFT skills, JOB analysis, JOB advertising
Abstract

While many researchers have investigated soft skills for different roles related to business, engineering, healthcare and others, the soft skills needed by the chief information security officer (CISO) in a leadership position are not studied indepth. This paper describes a first study aimed at filling this gap. In this multimethod research, both the business leaders perspective as well as an analysis of CISO job ads is studied. The methodology used to capture the business leaders perspective is via a Delphi study and the jobs adds are studied using a quantitative content analysis. With an increasing threat to information security for companies, the CISO role is moving from a technical role to an executive role. This executive function is responsible for information security across all layers of an organisation. To ensure compliance with the security policy among different groups within the company, such as employees, the board, and the IT department, the CISO must be able to adopt different postures. Soft skills are thus required to be able to assume this leadership role in the organisation. We found that when business leaders were asked about the most important soft skills the top three consisted out of 'communication', 'leadership' and 'interpersonal' skills while 'courtesy' was last on the list for a CISO leadership role. [ABSTRACT FROM AUTHOR]

Published
2021
Full Text
View/download PDF

19. Cyber-risk insurance — a big challenge facing contemporary economies

Author

CALIN Mihai Rangu and Leonardo Badea

Subjects
cyber risk, insurance, risk management, GDPR, underwriting, CISO, IT security, privacy, availability, data integrity, critical infrastructure, NIS, Finance, HG1-9999
Abstract

Cyber-security beyond the concept must be a product to be offered to modern society. We live in a complex world based on the digitization of products and services. Digitization also involves a complex system of associated risks. The road to the world of tomorrow goes through today's world and an analysis of the current situation in the contemporary economies about cyber risk insurance is only a first step that this article aims to achieve.The study aims to substantiate the need to formulate and assume policies and to support the regulation of cyber risk coverage by ensuring the need to support sectoral strategies to increase the level of maturity of companies from the perspective of protection against cyber threats. There is also a need to set up a cyber-risk reporting system, at least for critical and important infrastructures, the development and use by insurers of advisory and evaluation models based on standards and certifications recognized at the level of including the development of necessary skills for insurers to engineer these risks.

Published
2019

20. Why This Cybersecurity CEO Says The CISO Has To Go.

Author

Poinski, Megan

Subjects
INFORMATION technology, INTERNET security, SECURITY systems, CHIEF executive officers, HIGH technology industries
Abstract

J.J. Guy of Sevco Security says having separate teams handling IT systems and security make it difficult to effectively protect companies from digital threats. [ABSTRACT FROM AUTHOR]

Published
2024

21. From Degree to Chief Information Security Officer (CISO): A Framework for Consideration.

Author

Kappers, Wendi M. and Harrell, Nan

Subjects
CHIEF information officers, INFORMATION skills, CURRICULUM planning, JOB skills, INFORMATION technology security
Abstract

Educational entities are establishing program degree content designed to ensure information security skills are adequate and efficient for preparing students to be successful. Due to a perceived gap between academics and field knowledge, programs may not fully consider the competencies of C-Suite members. This study suggests the use of the Leavitt Diamond framework in conjunction with a DACUM approach to assist researchers in examining C-Suite skills as they relate to academic studies. This framework will assist researchers in examining C-Suite skills as they relate to academic studies. Since the Chief Information Security Officer position is new to the industry with reporting structures and roles varying widely, this study focuses on that role as a benchmark. This paper explores historical aspects of the computer science skills gap and provides survey validation results from invited faculty (n=5; 24%), who are both practitioners and academicians. A comparison between degree attainment and employment position is recorded to explore academic preparatory to job skill needs. Future curriculum designs will be discussed. [ABSTRACT FROM AUTHOR]

Published
2020
Full Text
View/download PDF

22. 4 cybersecurity trends to watch in 2025.

Author

Jones, David and Kapko, Matt

Subjects
DATA privacy, INFORMATION technology, CHIEF risk officers, MULTI-factor authentication, BLACK swan theory, RANSOMWARE
Abstract

The article "4 cybersecurity trends to watch in 2025" highlights the challenges and trends in the cybersecurity industry. It discusses the proliferation of single points of failure in IT systems, the evolving regulatory landscape impacting CISOs, and ongoing attacks on U.S. telecom networks. The role of the CISO is also evolving, with increased focus on risk mitigation and compliance. The article emphasizes the need for businesses to address vulnerabilities and adapt to the changing cybersecurity landscape. [Extracted from the article]

Published
2025

23. T-Mobile undeterred as telecom sector reels from attack campaign.

Author

Kapko, Matt

Subjects
INFRASTRUCTURE (Economics), TELECOMMUNICATION systems, MULTI-factor authentication, 4G networks, TELECOMMUNICATION
Abstract

T-Mobile has faced multiple cybersecurity breaches, including a significant data breach in 2021 that exposed personal data of millions. Despite this, T-Mobile successfully prevented a recent attack by a threat group linked to China, known as Salt Typhoon, from accessing sensitive customer data. T-Mobile's Chief Security Officer credited their revamped internal cybersecurity efforts for deterring the attacker. The company has made significant investments in cybersecurity, including implementing multifactor authentication to prevent credential theft, showcasing a commitment to improving cybersecurity measures. [Extracted from the article]

Published
2024

24. Who should be in the room when purchasing cyber insurance?

Author

Hedberg, Peter

Subjects
CYBERTERRORISM, ELECTRONIC commerce, RANSOMWARE, INFORMATION technology, INFORMATION superhighway
Abstract

The article emphasizes that cybersecurity should take the lead when evaluating cyber insurance policies. Topics include the importance of strong security controls and an incident-response plan in mitigating risks and improving insurability, the growing trend of organizations enhancing their security measures to meet insurer requirements, and the crucial role of the Chief Information Security Officer (CISO) in evaluating and selecting cyber insurance policies.

Published
2024

25. Cyber-Resiliency for Digital Enterprises: A Strategic Leadership Perspective

Author

Jeremy Zwiegelaar, Charles Booth, Vikas Kumar, and John Loonam

Subjects
business.industry, Business process, Strategy and Management, Corporate governance, media_common.quotation_subject, Cyber Security, Leadership, CIO, CISO, Qualitative inquiry, Interviews, 05 social sciences, Mindset, Information security, Public relations, Management, Officer, Strategic leadership, Transformational leadership, 0502 economics and business, Psychological resilience, Electrical and Electronic Engineering, business, 050203 business & management, media_common
Abstract

As organizations increasingly view information as one of their most valuable assets, which supports the creation and distribution of their products and services, information security will be an integral part of the design and operation of organizational business processes. Yet, risks associated with cyber attacks are on the rise. Organizations that are subjected to attacks can suffer significant reputational damage as well as loss of information and knowledge. As a consequence, effective leadership is cited as a critical factor for ensuring corporate level attention for information security. However, there is a lack of empirical understanding as to the roles strategic leaders play in shaping and supporting the cyber security strategy. This study seeks to address this gap in the literature by focusing on how senior leaders support the cyber security strategy. The authors conducted a series of exploratory interviews with leaders in the positions of Chief Information Officer, Chief Security Information Officer, and Chief Technology Officer. The findings revealed that leaders are engaged in both transitional, where the focus is on improving governance and integration, and transformational support, which involves fostering a new cultural mindset for cyber resiliency and the development of an ecosystem approach to security thinking. Managerial relevance statement Our findings provide interesting insights for managers particularly those in the role of Chief Information Officers (CIOs), Chief Security Information Officers (CSIOs), and Chief Technology Officers (CTOs). We propose a Cyber Security Strategy Framework (CSSF) which can be used by these information/technology managers to design an effective organizational strategy to develop cyber resilience in their organization. Our framework suggests that managers should focus on transitional and transformational support. The transitional support focuses on improving governance and integration whereas transformational support focuses on the emphasis of fostering a new cultural mindset for cyber resiliency and the development of an ecosystem approach to security thinking. Our findings provide good evidence showing how leaders can support more effective cyber security initiatives.

Published
2022
Full Text
View/download PDF

27. AN EMPIRICAL STUDY OF POTENTIAL THREATS TO CYBERSECURITY IN 2019.

Author

Jain, Ruby Bhuvan, Puri, Manimala, and Jain, Umesh

Subjects
INTERNET security, DATA security failures, DENIAL of service attacks, EMPIRICAL research, THREATS
Abstract

There were 2,216 data breaches and more than 53,000 cybersecurity incidents reported in 65 countries in the 12 months ending in March 2018. The year of 2018 was certainly a busy one for the information security industry. Threats and breaches were aplenty and whilst trends like DDoS (Distributed Denial of Service) and ransomware played a notably less significant role than in 2017, phishing attacks hit companies hard and business email compromise skyrocketed over the course of the year. This year also saw the growth of a few new threats that seemed to catch many by surprise. As 2018 draws to a close, the industry is now preparing for the trends, threats and challenges that 2019 might have in store for businesses and consumers. This article has summarized the predictions by industry experts about threats in cybersecurity. Many industry experts have predicted various security threats, researcher tried to address many of them. The main focus area of this research work is to highlight potential threats in upcoming years. [ABSTRACT FROM AUTHOR]

Published
2019

28. A study of information systems issues, practices, and leadership in Europe.

Author

Kappelman, Leon, Johnson, Vess, Torres, Russell, Maurer, Chris, and McLean, Ephraim

Abstract

In the summer of 2017, an online survey was administered to European IT executives, asking them about their concerns, spending, investments, cloud usage, security, workforce, reporting relationships, and other issues of importance. A total of 276 organisations responded. Their top-five most important IT management concerns were: Alignment, Digital Transformation, Cybersecurity, Cost, and Business Agility. Similarly, their top-five largest IT investments were: Analytics, Software Development, Cloud, Cybersecurity, and ERP. The average age of the CIOs was 49, 41% reported to their CEO, and nearly two-thirds interacted with their CEO at least weekly. Almost three-quarters came from previous IT positions, but only a 16% from IT within their current organisations. On average, CIOs spend about 20% of their time interacting with members of the C-suite, about 26% with their IT employees, and about 16% with other corporate employees. IT spending was up nearly 5% over the previous year and averaged almost 7% of corporate revenues. Over two-thirds of companies reported the number of IT employees and salaries were both up and spending on Cloud also increased.This paper explores these and other findings and their implications for IT management practice. Comparisons with US -based organisations are also included. [ABSTRACT FROM AUTHOR]

Published
2019
Full Text
View/download PDF

29. UnitedHealth Group names new CISO 8 months after massive ransomware attack.

Author

Kapko, Matt

Subjects
INTERNET security, DATA protection
Abstract

The article focuses on UnitedHealth Group's appointment of a new Chief Information Security Officer following a major ransomware attack, with topics including cybersecurity leadership, improved data protection measures, and strategies for incident response.

Published
2024

30. CISOs are gaining influence among corporate leadership.

Author

Jones, David

Subjects
LEADERSHIP, INTERNET security, CHIEF executive officers, EXECUTIVES, INVESTMENTS
Abstract

The article offers information on the increasing influence of Chief Information Security Officers (CISOs) within corporate leadership as organizations prioritize cybersecurity risk management. Topics include the growing participation of CISOs in strategic technology discussions; the trend of CISOs reporting directly to CEOs; and the evolving role of cybersecurity in shaping companies' technology investments and compliance with regulatory requirements.

Published
2024

31. Majority of global CISOs want to split roles as regulatory burdens grow.

Author

Jones, David

Subjects
CHIEF information officers, COMPUTER hackers, COMPUTER security, COMPUTER crimes, COMPUTER networks
Abstract

The article offers information on the growing consensus among Chief Information Security Officers (CISOs) that their roles should be divided into two separate positions due to increasing regulatory and financial responsibilities. Topics include insights from a recent Trellix and Vanson Bourne report indicating that a majority of CISOs advocate for a technical security role and a compliance-focused position, as well as concerns about heightened personal liability from regulatory changes.

Published
2024

32. CISOs, C-suite remain at odds over corporate cyber resilience.

Author

Jones, David

Subjects
INFORMATION technology, SENIOR leadership teams, INTERNET security, EXECUTIVES
Abstract

The article focuses on the challenges security and IT (information technology) executives encounter in conveying cyber resilience strategies to C-suite leadership, following the SEC's (U.S. Securities and Exchange Commission) vote on incident disclosure. It highlights a significant perception gap, with technology leaders viewing cybersecurity as a critical risk, while business executives prioritize other concerns, resulting in limited CISO involvement in strategic planning.

Published
2024

33. Microsoft names deputy CISOs, flushes dead accounts as part of internal security overhaul.

Author

Jones, David

Subjects
INTERNET security, CORPORATE reorganizations, CHIEF information officers, INTERNAL security
Abstract

The article reports on the launch of a Cybersecurity Governance Council by Microsoft as part of a restructuring of its internal security culture following a report from the federal Cyber Safety Review. Topics include duty of the council, the naming of 13 deputy chief information security officers (CISOs) by Microsoft that will be responsible for specific product segments within the company, and internal changes detailed by Microsoft to reduce risk in its cloud and production environment.

Published
2024

34. Kevin Mandia's 5 question confidence test for CISOs.

Author

Kapko, Matt

Subjects
CHIEF information officers, SECURITY management, DIGITAL currency, EXECUTIVES
Abstract

The article presents the discussion on Kevin Mandia's advice to CEOs and boards on evaluating the effectiveness of their Chief Information Security Officers (CISOs), emphasizing the importance of having a security-minded CISO for a strong security program. Topics include Mandia's perspective on the challenges of cybersecurity, the asymmetric nature of cyberthreats; and the five questions he developed to help executives gauge their CISO's capabilities.

Published
2024

35. 3 tips to building a robust AI security strategy.

Author

Chuvakin, Anton

Subjects
ARTIFICIAL intelligence, INTERNET security, DATA encryption, RISK assessment, SECURITY management
Abstract

The article focuses on building a comprehensive Artificial Intelligence (AI) security strategy. Topics include implementing guardrails with human oversight and technical controls, prioritizing security architecture and technical measures to protect AI, and developing a robust cyber strategy to address evolving threats.

Published
2024

36. 3 CIO lessons for maximizing cybersecurity investments.

Author

Wilkinson, Lindsey

Subjects
CHIEF information officers, INTERNET security, RATE of return, SENIOR leadership teams, ORGANIZATIONAL change
Abstract

The article focuses on three critical lessons for CIOs (Chief Information Officer) to maximize cybersecurity investments, emphasizing the importance of taking stock of existing assets, identifying gaps, and clearly demonstrating the value of investments. It highlights how, despite increasing awareness of cybersecurity risks, tech leaders must still effectively communicate the Return on Investment of their investments to the C-suite to secure necessary resources and drive organizational change.

Published
2024

37. Microsoft Deputy CISO recounts responding to the CrowdStrike outage.

Author

Kapko, Matt

Subjects
COMPUTER software, INTERNET security, SUPPLY chains
Abstract

The article focuses on Microsoft Deputy CISO Ann Johnson's experience responding to a major information technology (IT) outage caused by a CrowdStrike software update. Topics include the collective industry effort to resolve the crisis, the importance of collaboration across competitors during such events, and Johnson's reflections on the resilience and power of the cybersecurity community in overcoming adversity.

Published
2024

38. Are cybersecurity professionals OK?

Author

Kapko, Matt

Subjects
PROFESSIONAL employees, INTERNET security, JOB stress, PSYCHOLOGICAL burnout, MENTAL health, PSYCHOLOGICAL adaptation, CYBERTERRORISM
Abstract

The article offers a look at the personal tools of the job of cybersecurity professionals. Topics discussed include stress and burnout brought by cybersecurity work, the need for cybersecurity professionals to separate their personal lives from their job, coping mechanisms such as personal therapy and seeking mental health assistance, and maintaining the right balance with a reflective perspective to deal with the psychologically impact of cyberattacks.

Published
2024

39. Difendere e creare valore con la cybersecurity

Author

DE NICOLA, Manuel

Subjects
creazione di valore, cybersecurity, Controllo di gestione, CISO, risk management, Controllo di gestione, CISO, creazione di valore, cybersecurity, risk management
Published
2023

41. THE CHIEF INFORMATION SECURITY OFFICER: AN EXPLORATORY STUDY.

Author

Karanja, Erastus and Rosso, Mark A.

Subjects
CHIEF information officers, INFORMATION technology security, DATA security failures, STRATEGIC planning
Abstract

The proliferation and embeddedness of Information Technology (IT) resources into many organizations’ business processes continues unabated. The security of these IT resources is essential to operational and strategic business continuity. However, as the large number of recent security breaches at various organizations illustrate, there is more that needs to be done in securing IT resources. Firms, through organizational structures, usually delegate the management and control of IT security activities and policies to the Chief Information Security Officer (CISO). Nevertheless, there seem to be a number of firms without a CISO and for the ones that do, there is little consensus regarding who the CISO should be reporting to. This exploratory study investigates the organizational security reporting structures using a dataset of all the firms that hired a CISO between 2010 and 2014. The results suggest that the number of firms hiring CISOs is increasing and that the hired CISOs are predominantly coming from outside the firm. Also, CISOs who are hired to fill newly created positions tend to report to the CEO whereas replacement hires for existing positions tend to report to the CIO. These findings have implications for both academics and practitioners. [ABSTRACT FROM AUTHOR]

Published
2017
Full Text
View/download PDF

42. SolarWinds legal ruling expected to narrow, but maintain SEC oversight on cyber transparency.

Author

Jones, David

Subjects
FRAUD, INTERNET security, PUBLIC companies
Abstract

The article reports that a federal court's decision to dismiss most civil fraud charges against SolarWinds could influence the U.S. Securities and Exchange Commission (SEC's) approach to regulating cyber risk disclosures. Topics include the implications for SolarWinds and its CISO, the potential limitations on SEC enforcement, and the broader impact on cybersecurity transparency requirements for public companies.

Published
2024

43. CrowdStrike CEO's quick apology stands out in an industry rife with deflection.

Author

Kapko, Matt

Subjects
INTERNET security, SUPPLY chains, COMPUTER security
Abstract

The article discusses CrowdStrike Chief Executive Officer George Kurtz's rare and heartfelt apology for a software update that caused a global IT outage. Topics include the unusual transparency and apology from CrowdStrike executives in response to a major industry crisis; the significant damage to the company's reputation and the broader impact on the global economy; and the potential lessons for the cybersecurity industry regarding accountability and crisis management.

Published
2024

44. What does your CEO need to know about cybersecurity?

Author

Miller, Jen A.

Subjects
CHIEF executive officers, INTERNET security, CYBERTERRORISM, CORPORATE governance, NATIONAL security
Abstract

The article focuses on the heightened accountability of CEOs (chief executive officers) in cybersecurity, emphasizing their evolving role in mitigating risks and ensuring resilience against cyber threats. It underscores the shift where CEOs are expected to integrate cybersecurity into business strategy and face legal repercussions for breaches, reflecting broader implications for corporate governance and national security.

Published
2024

45. Snowflake allows admins to enforce MFA as breach investigations conclude.

Author

Kapko, Matt

Subjects
MULTI-factor authentication, CYBERTERRORISM, DATA warehousing, INTERNET security
Abstract

The article focuses on a cloud-based data warehousing company, Snowflake's recent security policy changes regarding multifactor authentication (MFA) following targeted attacks on customer environments. It highlights Snowflake's decision to give administrators greater control over MFA enforcement without making it mandatory, reflecting a strategic response to recent incidents.

Published
2024

46. As CISOs grapple with the C-suite, job satisfaction takes a hit.

Author

Poremba, Sue

Subjects
JOB satisfaction, INTERNET security, CHIEF information officers, CYBERTERRORISM, WAGES
Abstract

The article focuses on the critical issue of job satisfaction among Chief Information Security Officers (CISOs), highlighting its direct correlation with their access to organizational leadership. It discusses how despite lucrative salaries, many CISOs are considering job changes due to feeling scapegoated for cyber incidents and compliance failures. It emphasizes the importance of integrating CISOs into board-level discussions to enhance organizational cybersecurity resilience.

Published
2024

47. Supreme Court ruling on Chevron doctrine may upend future cybersecurity regulation.

Author

Jones, David

Subjects
INTERNET security, GOVERNMENT agencies, ADMINISTRATIVE law
Abstract

The article focuses on the implications of the U.S. Supreme Court's decision to overturn the Chevron doctrine on cybersecurity regulation. Topics include potential legal challenges to recent cybersecurity measures, impacts on the Cyber Incident Reporting for Critical Infrastructure Act, and the need for federal agencies to seek more explicit authority from Congress when creating future cybersecurity regulations.

Published
2024

48. What we know about the Snowflake customer attacks.

Author

Kapko, Matt

Subjects
CYBERTERRORISM, MALWARE, DATA warehousing, IDENTIFICATION documents
Abstract

The article focuses on a wave of cyberattacks targeting a cloud-based data warehousing platform, Snowflake customer environments over the past two months. It is reported that these attacks have affected at least 100 confirmed Snowflake customers, with approximately 165 businesses potentially exposed. It is further noted that the attacks involve stolen credentials obtained from malware infections on non-Snowflake systems rather than vulnerabilities within Snowflake's own systems.

Published
2024

49. Few CFOs control cybersecurity budgets.

Author

Sadovi, Maura Webber

Subjects
INTERNET security, CYBERTERRORISM, CHIEF financial officers, EXECUTIVES, BUDGET
Abstract

The article delves into the dynamics of cybersecurity budget allocation within companies, highlighting the roles of different executives, particularly CFOs (chief financial officer) and tech executives. It reveals that while cybersecurity budgets often fall under the purview of tech executives, there's a growing argument for CFOs to take a more active role due to the financial implications of cyberattacks.

Published
2024

50. White House wants to harmonize the breadth of cybersecurity regulations.

Author

Jones, David

Subjects
INTERNET security, PRIVATE sector, DISCLOSURE, RECIPROCITY (International law)
Abstract

The article reports that the Joe Biden administration unveiled a plan to harmonize various cybersecurity regulations across federal, state, and international levels to enhance cyber resilience in the private sector and critical infrastructure. Topics include simplifying the reporting process to reduce duplicate disclosure requirements, developing a pilot reciprocity framework to streamline administrative burdens, and seeking legislative support to address regulatory redundancies.

Published
2024

Catalog

Books, media, physical & digital resources
See catalog results