The White Hat Rally – One Olympic race not to miss
The White Hat Rally takes the InfoSec community's petrol heads and adventure seekers on a scenic, action-packed tour in aid of Barnardo's charity. There is still plenty of time for new teams to sign up to take part in the event, which runs from June ...
by Jane Wright
Chief information security officers (CISOs) have a lot on their plate. Between data protection, malware detection, compliance regulations, social media security, mobile device management (MDM) and many more areas that fall into the realm of the security team, the CISO is obliged to wear many hats each day.
A recent survey by IBM highlighted this multitude of CISO responsibilities. In the report, Finding a strategic voice: Insights from the 2012 IBM Chief Information Security Officer assessment (.pdf), IBM said the ideal CISO must “assume a business leadership position and dispel the idea that information security is a technology support function. Their purview must encompass education and cultural change, not just security technology and processes. Leaders will need to reorient their security organizations around proactive risk management rather than crisis response and compliance. And the management of information security must migrate from discrete and fragmented initiatives to an integrated, systemic approach.”
That’s a tall order, and trying to accomplish it all could lead to CISO burnout. It’s not so much that there’s too much to do (although there is). The real problem causing CISOs to reach for the Pepto Bismol is there are too many conflicting demands coming at them from different angles.
But changes to the CISO role may be on the way, according to Jon Oltsik, a security analyst at research firm Enterprise Strategy Group. Oltsik believes the CISO function will naturally and of necessity divide into two roles: CSO and CISTO.
The chief security officer (CSO) will focus on the intersection of risk and business. The CSO will deal with compliance and legal issues, and be the person who goes before the board of directors to explain the expected return on a $1 million security investment.
The chief information security technology officer (CISTO) will focus on IT security architecture and infrastructure. The CISTO will handle security controls, including monitoring and reporting the company’s defenses.
Oltsik sums it up like this: CSOs create cybersecurity policies; CISTOs enforce them.
Allocating responsibilities in this way will probably be greatly appreciated by today’s overburdened CISOs. Training programs could focus on the two different career paths, and security professionals could aspire in the direction that best suits their personalities and skills.
Hacktivism and what we can learn from it
Now, according to Bevan Lane of Infosec Consulting, as socio-economic problems get worse, more and more people are finding ways to react against their circumstances. We are all constantly hearing of new attacks, but very few of us are actually reacting ...
Posted by InfoSec News on May 17: http://www.darkreading.com/database-security/167901020/security/news/240000521/delete-data-to-delete-risk.html
Posted by InfoSec News on May 17: http://www.wired.com/threatlevel/2012/05/airport-security-id-theft/
Posted by InfoSec News on May 17: http://secondcitycop.blogspot.com/2012/05/hacked.html
Posted by InfoSec News on May 17: http://www.theregister.co.uk/2012/05/17/hkcert_funding_call_china/
Posted by InfoSec News on May 17: https://www.nytimes.com/2012/05/17/world/europe/no-end-in-sight-to-inquiry-into-murdochs-media-empire.html