Security Leadership - News, Features, and Slideshows

• 3 things CSOs can learn from CPOs

  The role of the CSO and CIO has been changing dramatically as technology becomes more and more vital to business strategies. Sometimes, it can be hard to keep up.

• The evolution of the CISO role and organizational readiness

  If we look at the headlines surrounding recent data breaches, we might conclude that the role of the chief information security officer (CISO) has never been more critical to the success and sustained well-being of an organization. As a by-product of this statement, we also might surmise that the information security organization and where it reports into is also important. This is probably why every recent CISO event includes a conversation about where the CISO and information security program should reside within an organization. The challenge is that however healthy the debate, the question about where the CISO and his/her department should report generally ends with, 'it depends'. To shift from a debate to productive action, maybe the question is not where should the CISO report into [<a

• Five CISO skills critical to your success in the next five years

  There's certainly no shortage of claims regarding the current shortfall of cybersecurity professionals. These findings show up repeatedly in our surveys, most recently the 2014 Global Information Security Survey and the 2013 State of the CSO, which both revealed that the demand for skilled IT security professionals continues to strain organizations' ability to fill security positions. Finding skilled information security workers was identified as one of the greatest challenges for 31 percent of large companies.

• Insecure Connections: Enterprises hacked after neglecting third-party risks

  It is said that an enterprise is only as secure as its weakest link. Today, that weak link often turns out to be partners, suppliers, and others with persistent network and application access.

• 6 steps to win executive support for security awareness programs

  In our article, "The 7 Elements of a successful awareness program," we identified the first and most critical element was obtaining C-level support. Such support is critical for the success of just about any organizational effort. Their support brings organizational buy-in and authority for your efforts. You can get other departments to support your efforts. While you will still meet some resistance, it is easier to overcome or bypass. Most importantly, you get more funding to put together a respectable awareness program.

• Don't overlook your biggest security flaw -- your talent

  The IT skills gap isn't as bad as you think -- it's worse, much worse. Especially in the area of cybersecurity, that skills gap is a major threat to your business.

• R.E.S.P.E.C.T.: The way for CISOs to get and keep it

  If you've got a "C" at the beginning of your professional title, you're at the top, or pretty close to it.

• A security awareness success story

  The problem with Security Awareness programs is that it is hard to prove their successes. As with all security countermeasures, success is usually that nothing happens. Ideally, success also means that there is a report of the attempted attack, however that is rarely the case. With technical countermeasures however, logs are usually maintained that allow people to point to all of the prevented attacks.

• How to optimize your security budget

  The good news is that security budgets are rising broadly. The bad news? So are successful attacks. Perhaps that's why security budgets averaging $4.3 million this year represent a gain of 51% over the previous year – and that figure is nearly double the $2.2 million spent in 2010 – all according to our most recent Global Information Security Survey, conducted by PricewaterhouseCoopers.

Whitepapers about Security Leadership

• 

  Translating Security Leadership into Board Value

  What Boards Want to Know and CISOs Need to Say Seven years ago in the SBIC report Bridging the CISO-CEO Divide, we explored the best practices security leaders could use to communicate more effectively with their C􀀁Os. CISOs were at a crossroads and just beginning to take a seat at the executive table. We provided recommendations from global leaders about ways CISOs could embrace their growing leadership role, build trust with the executive leadership team and earn the confidence of their C􀀁O. We discussed how harting a new course based on a strategic, risk-based approach to information security would drive clear business value.

• 

  CISO 2013 Security Insights: A new standard for security leaders