Can I Please Have Some More? (Part 2)

n my last blog I talked about how many CISO’s have to go to the board with bowl in hand to ask for more budget and are usually under pressure to either demonstrate an ROI or show true value in the investment in security. This is only possible if the CISO truly understands the business, can articulate the value that security brings to the business, and how it can be a business enabler. CISO’s of the future will be ‘Business Security Officers’ and must become integrated into the business, not only for themselves but for their entire team. As a result, priorities for the entire security organization need to re-aligned with the business. So, how do you become a Business Security Officer and what skills do you need to have?

Can I Please Have Some More?

I wonder how many CISO’s or individuals in a similar role go to the board with bowl in hand to ask for more? More of what you might ask? Budget of course! And how many times are they challenged?


Hallelujah it’s Happened!

For those of you who follow my blogs you know I have written about ‘Neighborhood watch schemes’ and CISPA Cyber Intelligence Sharing and Protection Act in the US. Many lessons can be learned from the traditional Neighborhood Watch schemes which were first introduced in the UK in 1982 with one objective – to reduce crime.


RSA Security Summit Series – Food for Thought?

Improving Information Sharing – actually maybe a more appropriate title would be Starting to Share Information’. A lot of questions have been raised recently at various events including the series of RSA Security Summits in Europe about information sharing and getting over the concept that no organizations is an island and to derive true value, organizations need to factor external threat data with internal data to get a true picture of their threat level

Action Plan for Small Enterprises

In my last blog we created a security baseline to help organizations adequately protect sensitive data. While this series has been focused on guidance for smaller companies, the basic principles can be applied to any organizations. The key difference is that smaller companies will be under pressure to spend on compliance and their secrets which hold the ‘real’ value remain unprotected. Keeping proprietary knowledge away from competitors is essential to maintaining market advantage, but the challenge of how all these secrets are stored within an organization tends to be one of the reasons smaller companies shy away from protecting them.


Creating a Baseline for Small Business

Companies of all sizes invest significant time and money protecting their sensitive information, but their priorities are not always the right ones. Security investments are too often aimed at preventing accidents, such as when employees accidentally lose laptops or inadvertently send emails containing customer information.

To Cybercriminals, The Size of a Company No Longer Matters

Gone are the days when it was thought that size of the company matters to the cybercriminals. The latest PwC Information Security Breaches Survey 2013 shows that there has been a significant rise in the number of small businesses that were attacked by an unauthorized outsider in the last year – up by 22%. Interestingly large organizations only went up by 5%. The cybercriminal has moved on to stealing intellectual property or corporate secrets as that’s where the real money is and small companies become easy targets as many do not have the resources or budgets to fully protect their information.

It’s time to understand the differences between corporate secrets and custodial data.