It’s no secret that security teams have been under a great deal of pressure recently. State actors and organized cybercrime operations dedicate substantial resources to advanced attacks. High-profile breaches in 2014 have shown that CEOs are not exempt from responsibility in the event of a security failure. CISOs can now expect the question from the CEO and board of directors: “Are we secure?” This generalized view of an organization’s risk profile is a grave oversimplification, but it reflects the fact that security executives must communicate the complexities of security in a consumable way to corporate leadership.
An article shared by BlueCross BlueShield’s Adam Birnbaum poses the question, “Are we secure enough?” This article on executive security priorities offers guidance on implementing realistic and proportional security measures that will not be ignored by users.
Similarly, San Diego CISO Gary Hayslip writes about the importance of communicating a security vision. While it might be simpler for security to operate in a black box, the reality is that security teams must function within organizational politics – especially when it comes to making the case for the security budget.
Greg Barnes, CISO of an undisclosed organization, offers a like-minded perspective on what defines “real” security intelligence. The ultimate goal is to cut through the noise and provide conclusions that inform policy.
Where do all the stolen credentials we read about end up? Andrew Jaquith of BAE Systems shared an excellent guide to the types of personal information available for purchase on the deep web (or “darknet”). Credentials for sale on the deep web are not just an issue for consumers: 92% of companies have at least one employee with compromised credentials for sale online.
Global organizations will want to pay attention to Facebook’s data privacy case, mentioned by Markit’s Darren Argyle. This case, which challenges Facebook’s legal ability to transfer European personal data to US-based servers, is just one example of the regulations’ impact on global organizations’ operations. Even if you consider yourself an expert on current regulation, it may be time to do some additional research. Recently proposed regulations include expanded liability and more severe punishment for organizations handling personal data from EU countries.