Meet CIS RAM: the new balanced infosecurity framework

Applications, devices, technology and service provisioning are the bread and butter of IT, but any information security professional knows that risk management is equally important.

There is no point in an IT advisor implementing a service if it poses too much risk to the organization. This is why, for example, many companies prevent access to social media sites – the benefits of access do not outweigh the risk.

Information Security professionals have a duty ...

What is an information security framework and why do I need one?

An information security framework, when done properly, will allow any security leader to more intelligently manage their organization's cyber risk.

The framework consists of a number of documents that clearly define the adopted policies, procedures, and processes by which your organisation abides. It effectively explains to all parties (internal, tangential and external) how information, systems and services are managed within your organisation.

The main point of having an information security framework in place is ...

The truth about managing Supply Chain risk? It’s not easy

Ahhh the joys of supply chain risk management. It is a complex beast with many heads, each focusing on the problem from a different operational standpoint.

The goal is of course to build and maintain a resilient system of checks and balances so your organisation’s supply chain is healthy and operating at an acceptable level of risk.

If this sounds easy to you, I am willing to bet you’re a theoretical expert.

GDPR: The big myth that could slide US firms into hot water.

It is now 12 weeks until the new EU GDPR legislation becomes a globally enforceable law. GDPR is an important new EU-mandated regulation: it provides the foundation for how organizations around the globe collate and process sensitive customer information belonging to EU residents.

Some say this is the best thing since sliced bread, in that it gives back a modicum of control to some individuals whose data is being processed willy-nilly in many organizations around the globe. ...

Convincing executive stakeholders that even the tiniest cyber-incident can lead to big disasters.

We published an article recently about how many senior information security professionals, be they CISOs or CIOs, are worried about their systems being vulnerable to breach. One of the main problems is getting senior stakeholders, like the Board or the executive management team, to buy into your information security strategy. We shared a few approaches on how to address this ubiquitous problem.

Achieving executive buy-in on information security policies is much more difficult than ...

Cybersecurity budget: CISO advice for getting your Board of Directors to take notice

There are many CISOs and CSOs out there hiding their proverbial sweaty palms.

They’re stressed out, worried that it is just a matter of time before their network gets caught up in some embarrassing data debacle – perhaps it will be ransomware, or a targeted attack or an insider leak.

And they know they will then truly be in the hot seat.

Thing is, for many, it is a fingers-crossed game, because ...

Cybersecurity predictions 2018: 5 key infosecurity trends to watch out for

In our last post, we talked about the most significant data breaches of 2017. And what better way to wrap up 2017 than by pulling out our crystal ball and gazing into the near future.

Using our expertise in infosecurity, here is our shortlist of what to watch out for in the upcoming year:

Expect new EU regulation GDPR to make headlines.

The way in which your website collates ...

What to do with the last of your 2017 cyber security budget?

Late in the financial year, it can be difficult to figure out the best way to spend what’s left over in the information security budget.

No one wants to leave money on the table, especially when it could significantly reduce your exposure to cyber risk. The problem is that for any experienced IT security lead, you know there are thousands of ways that money could be spent: training, new security software, hardware upgrades, policy or system reviews, etc.

Any of ...

IoT Developers: checklist for building more secure Smart Devices.

[This is Part 2. Part 1 of this blog series is here: Before you buy or connect a smart device (IoT)…]

Having worked for more than 20 years in the technology and information security industry, I have seen first hand how hard management can push their teams.

There is no doubt that the IoT race is on, but whipping teams into a frenzy so that they race through the development, testing and production phases has a real ...

CISOs, Do you have enough resources to do your jobs? No, we didn’t think so.

Be honest – how many of you CISOs out there are relying on a kind of “Fingers Crossed” approach when it comes to protecting your most valuable organizational assets?

If you are nodding quietly in answer to this question, you’re not alone.

We get it. The role and responsibilities of the CISO have changed dramatically since the role’s inception in the 1990s.

20 years ago, CISOs were focused on securing and defending the network perimeter. This meant ensuring firewalls were configured properly, vulnerabilities ...
