You are viewing 'it security'
Does your organization face challenges with effectively aligning IT security teams and business executives? In many organizations, it seems that business executives and IT security teams don't always understand each other's roles. Executive leadership may not realize the cyber risks to their organization, such as APT threats, insider threats, espionage, phishing. Also, IT security teams may not know what business systems are MOST important to protect before and during an incident.
So how can you successfully align IT security with the C-Suite, and keep the collaborative alignment effective? Before we answer that question, let's first talk about the challenges that have historically kept IT security and business executives out of alignment.
Strategic vision directly influences and impacts the success of implementation of IT security controls. IT security MUST be positioned as a business enabler. And businesses must... read more >
‘Twas 12 Days Before Theft Season
‘Twas 12 days before Theft Season, when all through the smart house,
Not a device was active, not even an IoT mouse.
The device that you bought from a random seller online,
That shipped from far-far away, had arrived in due time.
It was the gift that she begged for, pleaded and wined,
The one that she pined for, for six months’ time.
Not finding the original, this knock-off will do,
She must be happy, she is my princess; what would you do?
Being the perfect Dad, and wanting things right,
You plugged it in and charged it forthright.
Manuals read, it was ready to go,
But little did you know, this was only the beginning of the show.
As visions of your princess’ happiness lead you to a sound slumber,
The process was the first day of 12 days of havoc, 12 days of plunder.
The fiendish, deceitful, treacherous crew,
Of malicious actors, cleverly deceived you.
Their... read more >
Why problem management is important to security
Well, it is now official; I am writing my first blog post. As the Regional Chief Information Security Officer for the Americas here at NTT Security, I felt it important to share with you a perspective that I have gained from my extensive experience with information and physical security, combined with my recent experience with the Information Technology Infrastructure Library (ITIL), and more specifically problem management. ITIL defines problem management as “The process responsible for managing the lifecycle of all problems. Problem management proactively prevents incidents from happening and minimizes the impact of incidents that cannot be prevented” (Steinberg, Rudd, Lacy, and Hanna, 2011). Well, then, what is a problem defined as? ITIL would tell us that a problem is “a cause of one or more incidents. The cause is not usually known at the time a problem record is created, and the problem management process is responsible for further investigation”... read more >
Learning from a Mentor
In information security, there are so many career niches, so many new information security topics and technologies and so many evolving cyberattacks and breaches. To keep up with the rapidly changing information security field, you can never stop learning. One fantastic method to become more educated is to find a mentor.How do you find a good mentor?
A good mentor is someone who has patience and is able to explain complex topics in a multitude of different ways to ensure everyone is able to understand. One of the best places to look for a mentor is at your current place of employment. Many people have senior individuals where they are employed that have been in the field for years and can explain highly complex topics. If there is a senior person where you work, try asking them if you can shadow them when they perform specific tasks that you want to learn more about. You can also ask if they can set aside time on a weekly or monthly... read more >
Becoming a Mentor
Over the last couple of weeks, I have become more involved with training and education as it relates to the information security realm. Finding myself thinking more and more about the need for advancing information security knowledge, I've realized how important becoming a cyber security mentor is to those in need.
Those of us who are more senior and have deep expertise and firm grasp on the concepts and practices relating to information security, have the ability to help others in our field. By becoming a mentor, you can share your security knowledge, help others learn and develop their own skills, create a larger population of skilled people, and ultimately help advance the overall knowledge level in the field.
Mentoring works because it lets one learn from the other person’s successes and – yes – failures. Being a mentor can take a formal route. You can, for example, be an instructor at a college, university, or technical school. You... read more >