As security professionals around the globe are involved in their organization’s COVID-19 response, many security staff are contemplating how to assess their protocols and procedures, as well as what new protocols and procedures to put in place. How can security technologies be a part of the overall COVID-19 response for an enterprise, and how can security professionals use technology now that will serve them well in the future with continued enterprise risk mitigation?
September is designated as National Insider Threat Awareness Month. Unfortunately, to close out the month, Shopify publicly disclosed that it was the latest victim of a data breach. Events like this are just another reminder of why zero trust must become the new enterprise security standard and why CISOs must move quickly to implement the practice.
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released two joint cybersecurity advisories on widespread advanced persistent threat (APT) activity.
Joint Cybersecurity Advisory: AA20-296A Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets
Joint Cybersecurity Advisory: AA20-296B Iranian State-Sponsored Advanced Persistent Threat Actors Threaten Election-Related Systems
What is a security professional to do when you are already operating a lean organization, you are protecting your company’s assets the best you can and you still have to perform better with fewer resources?
As security professionals, we inherently understand the concept of “risk.” We are surrounded by leaders and business partners who also understand these concepts — just with a different lens. To align the differences in our approach, we just need to adjust our understanding, gain a few more skills and approach our programs with a management mindset similar to the way business looks at risk.
We tend to believe that it is the business’s responsibility to understand the importance of security and, therefore, recognize the need to invest. But in the world of business, that’s simply not the case. Business leaders have operations to run and missions to fulfill, and as security leaders we need to understand that it’s up to us to bridge the gap between the security way of thinking and the business way of thinking.
This model allows the security leader and team to work with business leaders to monitor resources, understand security risks, and, together, deliver the most appropriate and effective solutions to mitigate those risks. Security leaders can also use the information gathered during the risk-based reboot to understand and communicate the total cost of ownership of the security program — based on the value of the business’s assets that are exposed to certain security risks — as well as the cost of the various resolutions that are put in place.
This month in Security magazine, we explore how Corning's global security group ensured business continuity and employee safety during the global COVID-19 pandemic. Also, we highlight the global security team at Uber and their recent security programs and initiatives. Industry experts discuss travel safety programs, career hackers, working for terrible bosses, group attribution error and more.