Jason Clark, CSO of Websense, has spent a significant amount of time meeting with over 400 CSOs. From his interactions, Clark offers his advice on how chief information security officers can be more effective.
Organizations are urged to adopt six principles to avoid the perils of transferring IT decision making away from technology specialists to business unit leaders.
"The changes we propose in revision 4 are directly linked to the current state of the threat space - the capabilities, intentions and targeting activities of adversaries - and analysis of attack data over time," says NIST's Ron Ross.
Organizations want the efficiencies of cloud computing. But they still worry about availability and security of data in the cloud. CSC's Andy Purdy offers insight into easing cloud security concerns.
No one - not even a security vendor - is immune to cyber attacks. "It's not a question of if or when companies will face an attack, but how they're going to defend against it," says Symantec's Francis deSouza.
"I'll probably be hanged for this, but I really believe the cloud can be more secure than what we do today," says Tom Soderstrom, chief technology officer at NASA's Jet Propulsion Laboratory.
Mobile security is a new discussion track at RSA Conference, but it's long been a hot topic for CISOs. Entrust's Dave Rockvam discusses BYOD and how organizations are securing personally-owned devices.
Going to RSA Conference? Don't miss ISMG's presentations on cloud security and the faces of fraud. Also, ISMG editors will host a meet & greet reception on Tuesday at the event. Click for details.
Cloud computing gives the jitters to those charged with protecting their organization's IT assets. To gauge the concerns of security professionals about cloud computing, we're fielding a global survey covering all industries. We want to know your views.
"Matching an implementation to the cloud definition can assist in evaluating the security properties of the cloud," says computer scientist Peter Mell, author of The NIST Definition of Cloud Computing.
"With a company-issued device, you can issue a policy that says users have no rights of privacy over information on the device," says Javelin's Tom Wills. But with employee-owned devices? A whole new set of issues.
Discussing Verizon's new report on the state of PCI compliance, PCI expert Jen Mack says payment card security today is "disappointing," and global merchants are at serious risk of new data breaches.
"The more that you could focus in on computer science topics, to understand programming, network-based technology and mobile-based technology, the better off you're going to be," says Rob Lee of SANS Institute.
ISACA's Marc Vael says differences in cloud computing environments and cloud providers can pose security risks. But well thought-out contracts and risk-management plans can fill potential security gaps and ensure business continuity during outages and disasters.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.