From the Summer 2018 Issue

Cybersecurity Compliance: Defending Your Small Business

Author(s):

Joy Galliford, Vice President of Cyber Programs, Joy Galliford

We see it in the news almost daily — malicious cyber activity, security breaches, and privacy violations. But that only impacts large enterprises like Target, Citibank, and Facebook, right? Wrong. In an ever-evolving digital world, small businesses have their own set of cybersecurity responsibilities that must be met in order to do business. This is … Read more

From the Summer 2018 Issue

Building a Security Program for Small to Medium Businesses

Author(s):

Wilson Bautista, Director of Information Technology and Information Security, i3 Microsystems, a division of i3 Electronics

According to a recent study from 2017 by the Enterprise Strategy Group, 45 percent of organizations have a critical shortage of cybersecurity skills. This impacts the ability of IT teams supporting small and medium businesses (SMB) to acquire talent to fill their cybersecurity gaps. As more organizations are improving their third-party risk assessment programs, there … Read more

From the Summer 2018 Issue

Data Classification is the Key to Data Protection, Part I

Author(s):

Bill Bonney, CISO Desk Reference Guide, CISO DRG Venture

“No, no!” said the Queen. “Sentence first – verdict afterwards.” “Stuff and nonsense!” said Alice loudly. “The idea of having the sentence first!” The value proposition for data is not in its protection (sentence), but in its use (verdict). In this series of articles, we’re going to explore an alternate value proposition for data classification … Read more

Insider Threat – The Unseen Risk

Author(s):

Caleb Townsend, Staff Writer, United States Cybersecurity Magazine

When it comes to threats in cybersecurity, the insider threat is not the first one that comes to mind. Malware, ransomware, hacking, and denial-of-service attacks dominate the headlines. But more often than not, an insider threat is the cause of many of these attacks. In fact, insider threats are responsible for around 43% of all data … Read more

From the Spring 2018 Issue

Better than (Project) Zero: A Cybersecurity ROI Roadmap

Author(s):

Chris Castaldo, Senior Director of Information Security, 2U

Since 2014 the mission of Google’s Project Zero has been to make the Internet a more secure place through the discovery and responsible publishing of vulnerabilities. While Google works with vendors to ensure a patch is available before details of a vulnerability are released, nothing is actually made more secure until that patch is applied … Read more

From the Spring 2018 Issue

A Disciplined Approach to Cybersecurity Program Management

Author(s):

Brian Hubbard, Director of Commercial Strategic Business and Cybersecurity Solutions, Edwards Performance Solutions

In many organizations, the Chief Information Security Officer (CISO) and their team understand the need for a strategic approach to managing an enterprise information security program. However, continual tactical “fire drills” rarely allow time to be dedicated to strategic objectives. Given typical CISO resource constraints, efficient and effective operations are critical to success. Running a … Read more

From the Winter 2018 Issue

Next Generation Security Assessment Methodology

Author(s):

Rick Mellendick, Chief Security Officer, PIAchievers

Why Organizations Need to Be More Than Just Compliant

Enterprises across the industry-government-academia spectrum are struggling to balance the goals of improved security and regulatory compliance. Unfortunately, the two are not always compatible or aligned. Many organizations lack board level guidance when it comes to managing cybersecurity risk. As a result, many organizations expend resources … Read more

From the Winter 2018 Issue

Implementing Automated Cyber Defense

Author(s):

Scott Jasper, CAPT, USN (ret), Faculty, Naval Postgraduate School

Today, massive numbers of uncorrelated and unprioritized alerts overwhelm network security operations. Staff are unable to respond to breaches anywhere near real-time. Legacy architectures layer “best of breed” components for firewall, intrusion protection, web content filtering and antivirus protection, each of which generates a unique set of alerts. Additional devices only contribute to an ever … Read more