
Posts

The basics still work: classify the data!

In the view of Rangel Rodrigues, Information Security advisor, robust authentication, appropriate architecture, policies, cryptography and awareness are some of the mandatory controls for ensuring the protection of a company's most valuable asset. There is no way to protect something you do not know. This sentence may or may not make sense to you, but the plain truth is that many organizations fail at this point. Or they have not understood it yet. Clearly, if everyone in the production chain understood in some way that cybersecurity is part of their lives, CISOs would have within reach the maturity everyone needs. And only through actions such as an awareness strategy can we change the way employees think. In fact, everything is tied to the way human beings think. Let's get practical: protecting an organization with cybersecurity resources begins with analyzing what kind of information we need to protect. Does this data have to meet a regulatory requirement? Be in...

Why Is 'Pay the Ransom' In Next Year's Budget?

This week's episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson. Our guest is Les McCollum, managing vp, CISO, ICMA-RC. All three of us discussed: Are you taking into account all variables when considering paying the ransom? With a whopping 25 percent of all ransomware victims paying the ransom, paying the ransom has become part of the security plan. But does doing that actually accomplish anything? Ransomware is not just encrypting your data; it's also data theft and public exposure. Have you calculated what the reputational risk of paying the ransom will cost? Also, after you've paid, you're a known entity that will pay. You will be a target to get hit again and again. Most companies upgrade their security programs after an attack. Do you know how much you'll be spending on that? How do you create a culturally sane group that's diverse? I always hear forward thinking managers ...

Why Don't Cybercriminals Attack When It's Convenient for Me?

This week's episode of CISO/Security Vendor Relationship Podcast: Why Don't Cybercriminals Attack When It's Convenient for Me? This week's episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson. Our guest is Margarita Rivera, vp of information security, LMC. All three of us discussed: It's never TGIF for those who work in cybersecurity. Cybercriminals know when our guard is down, and it's usually late on a Friday or just before a holiday. At these times, coworkers shift into half-work speed and half cybervigilance. It would be annoying to remind people every Friday to be on guard for cyberattacks, but it's worth it to remind your staff just before a big holiday. Show support for those still out of work. We talked about a very emotional post by someone who was suffering a six-month streak of rejection. When rejection becomes that overwhelming, it can definitely cause one to start questioning whether you made the right decision to do wha...

A new issue of Intelligent CISO Issue 31 publication has been published.

- Cloud shock - Spike in cloud attacks shows businesses were not prepared to work remotely.
- Threat evolution - McAfee report explores how cybercriminals have exploited the pandemic.
- Cyberthreat impact - Industry experts discuss the major cyberthreats to the North America region.
- Safe Bet - Killian Faughnan, Group CISO at William Hill, discusses his role at the bookmakers and some of the driving factors behind its ambition to continuously strengthen its cybersecurity posture.
- Infographic - Study reveals 94% of global organizations suffered one or more business-impacting cyberattacks.
- Latest updates from North America and APAC.
- Understanding Ransomware in the Enterprise.
- What are the major cyberthreats to the North America Region?

Read more: https://view.joomag.com/intelligent-ciso-issue-31/0252261001604323146?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb29tYWciLCJpYXQiOjE2MDQzMjQ2NjAsImV4cCI6...

Leaked Secrets in Code Repositories

This week's episode of Defense in Depth: Leaked Secrets in Code Repositories. This week's episode is hosted by me, David Spark, producer of CISO Series and Allan Alford. Our sponsored guest is Jérémy Thomas, CEO, GitGuardian. All three of us discussed: Putting passwords and other credential information inside of code simply happens. It is done by developers for reasons of efficiency or laziness, or because they simply forgot to take it out. Given that exposing secrets is done by developers, these secrets appear in code everywhere, most notably in public code repositories like GitHub. Exposed credentials can appear in SIEMs as they are being exported from the developers' code. There is a shared responsibility model, and cloud providers do have some ability to scan code, but ultimately the code you put in your programs is your responsibility. Scanning public code repositories should be your first step. You don't want to be adding code that has known issues. The next step is to scan your own code...

Can a Robot Be Concerned About Your Privacy?

This week's episode of CISO/Security Vendor Relationship Podcast: Can a Robot Be Concerned About Your Privacy? This week's episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson. Our sponsored guest is Rebecca Weekly, senior director of hyperscale strategy and execution, senior principal engineer, Intel. All three of us discussed: Privacy as competitive advantage. For years, it seemed the corporate norm was to push users to relinquish their privacy for additional functionality. This would give the business more insight into user behavior to be able to sell more products. But now privacy is hip and something companies want to promote. For example, Apple is spending advertising dollars to promote their privacy controls. If you're creating an AI/ML engine, what information could be anonymized and/or thrown out after use? Lack of diversity didn't happen overnight. We're in this lack-of-diversity issue today because of years of ignoring it. That...

Measuring the Success of Your Security Program

This week's episode of Defense in Depth: Measuring the Success of Your Security Program. This week's episode is hosted by me, David Spark, producer of CISO Series and Allan Alford. Our sponsored guest is Chad Boeckmann, CEO, TrustMAPP. All three of us discussed: The process is very systematic. Start with knowing your risks, how you're going to track them, and the controls you're going to put in place to manage them. Simple to say, hard to do. Security risk is just one of a multitude of risks a business faces. Data's whereabouts is a moving target. Having confidence in its location and protections is key to managing overall risk. Constantly be asking who has access to the data and what communication processes you are using to share that information between humans and machines. Discuss with leadership how you will judge success and what metrics you will use. The C-suite will need to lead the discussion, with security providing guidance as to what they can and can...