With the ongoing cyber security skills shortage, a growing number of information security (IT) professionals are being asked to take on new responsibilities for their organization’s cyber security program. Estimates show the number of unfilled cyber security positions worldwide could grow to 4 million by 2021, which will only make the problem worse. Even with… Read More
When it comes to evaluating technology in preparation for a potential disaster or cyber security incident, IT and security departments typically conduct multiple tests, playing out different scenarios to see how applications, systems, devices, and interfaces will respond in the event of an outage or attack. In business continuity, emergency management, or disaster recovery planning… Read More
As a new Chief Information Security Officer (CISO) on the job, there is a sense of immediate urgency to show value and make an impact. Maybe you’re joining an organization that had some major problems before you arrived – a public incident, a challenging personnel situation, an unsatisfactory audit, etc. All eyes are on you,… Read More
As a consultant, I’ve been advising and supporting security leaders like Chief Information Security Officers (CISOs) for several years now. I’m always intrigued by the organizational nuances of each role and each person in the seat. Let’s face it: being a CISO is not an easy job. To be successful in the role requires a lot of support from executive… Read More
Do your spring-cleaning plans call for refreshing and improving your cyber security incident response plan (CSIRP)? If so, that means your organization has a CSIRP – and hats off to you, because you’re in the minority. As much talk as there is in cyber security circles and conferences about developing and improving incident response (IR) plans,… Read More
The International City/County Management Association (ICMA) partnered with the University of Maryland a few years ago on a nationwide survey of local government cyber security practices, including incident response (IR) plans. Among the many interesting data points in the published report was the finding that only 33.7 percent of respondents had a “formal, written plan for recovery from breaches.” Of… Read More