Information Security, InfoSec and Risk - Cyber Security Informer

Assessing Third-Party InfoSec Risk Management

Security Boulevard

JUNE 14, 2023

Information security (InfoSec) risk management with third parties, including outsourcing, requires persistence and consistency due to the primary business risk it presents. Third-party managers need to have insights into a variety of areas of information security, including.

InfoSec

InfoSec Risk Information Security CISO

AI Revolutionizes Infosec

Daniel Miessler

APRIL 2, 2023

After two and a half decades in information security, I’ve witnessed countless failures in security efforts. Enter AI, which promises to address these shortcomings with two fundamental advantages: Context and Question-based security products. Embrace the change, and leverage AI to create a more secure future.

InfoSec

InfoSec Software Information Security Risk

Demand, CyberInsurance, and Automation/AI Are the Future of InfoSec

Daniel Miessler

NOVEMBER 6, 2020

I think there are four main trends that will play out in the field of information security in the next 20 years. 2021-2030) A Surge in Demand for InfoSec people will result in many more professionals being trained and placed within companies, likely using more of a trade/certification model than a 4-year university model.

InfoSec

InfoSec Insurance Artificial Intelligence Cybersecurity

Iterative scientific infosec

Notice Bored

MAY 25, 2022

The community as a whole benefits by sharing and collaborating, even though individuals might benefit more by selfishly withholding information. There is a strong argument to facilitate much more sharing of information about information risk and security, incidents, controls etc. And what are 'incidents', in fact?

InfoSec

InfoSec Risk Antivirus Government

Top 3 Information Security Hiring Trends for 2023

SecureWorld News

DECEMBER 16, 2022

Bureau of Labor Statistics (BLS) , jobs in the Information Security field are expected to increase by 35 percent by 2030, which researchers are saying is faster than any other industry growth on average. Here are three key takeaways to keep in mind when researching for a new role in InfoSec in 2023.

Information Security

Information Security InfoSec Marketing Cybersecurity

Professional services infosec policy template

Notice Bored

MAY 12, 2022

We have just completed and released a brand new information security policy template on professional services. Professional services engagements, and hence the associated information risks, are so diverse that it made no sense to specify particular infosec controls, except a few examples.

InfoSec

InfoSec Risk Accountability Government

InfoSec Reviews in Project Management Workflows

Security Boulevard

FEBRUARY 8, 2021

I have attended numerous security conferences over the past several years, and at each one, I repeatedly hear about the importance of information security being incorporated within the planning and requirement analysis phase of the software development life cycle (SDLC). I agree – this is very important.

InfoSec

InfoSec Information Security Software CISO

WANTED: a set of infosec principles we can all agree on

Notice Bored

JUNE 20, 2022

The SecAware corporate information security policy template incorporates a set of generic principles for information risk and security such as " Our Information Security Management System conforms to generally accepted good security practices as described in the ISO/IEC 27000-series information security standards. "

InfoSec

InfoSec Information Security Risk Government

Are our infosec controls sufficient?

Notice Bored

JUNE 25, 2021

begging questions about which infosec-related matters are particularly important, and how they stack up in relation to other business priorities, issues, pressures etc. begging questions about which infosec-related matters are particularly important, and how they stack up in relation to other business priorities, issues, pressures etc.

InfoSec

InfoSec Risk Information Security Government

The Top 10 Highest Paying Jobs in Information Security – Part 1

The State of Security

AUGUST 17, 2021

According to Gartner, global spending on information security and risk management technology is expected to exceed $150 billion in 2021. The post The Top 10 Highest Paying Jobs in Information Security – Part 1 appeared first on The State of Security. Cybersecurity Ventures estimated that there will be 3.5

Information Security

Information Security Technology Risk Cybersecurity

Risks to Your Network from Insecure Code Signing Processes

Security Boulevard

JULY 7, 2022

Risks to Your Network from Insecure Code Signing Processes. However, this practice puts these critical resources at risk for being misused or compromised. Many InfoSec teams don’t have the visibility into what their software development teams are doing. In years past, InfoSec may have been the central keeper of code signing.

Risk

Risk InfoSec Software Digital transformation

Infosec control attributes paper completed

Notice Bored

APRIL 4, 2022

Yesterday, I completed and published the white paper on information security control attributes. Although it seems to take 'forever' to develop new standards, I'm hoping that the donor document will set the project off to a flying start.

InfoSec

InfoSec Information Security Risk

InfoSec Leaders Share in Podcast Interview at SecureWorld Philadelphia

SecureWorld News

APRIL 28, 2023

Featured guests are Krista Arndt, CISO, United Musculoskeletal Partners; David Lingenfelter, VP of Information Security, Penn Entertainment; and Bistra Lutz, Director of Global Information Security Operations, Crown Holdings.

InfoSec

InfoSec CISO Ransomware Information Security

Infosec policy development

Notice Bored

APRIL 10, 2021

We're currently preparing some new information risk and security policies for SecAware.com. but we're working on these four additions: Capacity and performance management : usually, an organization's capacity for information processing is managed by specialists in IT and HR. Lots of questions to get our teeth into!

InfoSec

InfoSec Penetration Testing Information Security Risk

Episode 209: Fortinet’s Renee Tarun on Scaling InfoSec To Meet Tomorrow’s Challenges

The Security Ledger

APRIL 2, 2021

The information security industry needs both better tools to fight adversaries, and more people to do the fighting, says Fortinet Deputy CISO Renee Tarun in this interview with The Security Ledger Podcast’s Paul Roberts. The information security industry is simultaneously robust and beset by problems and challenges.

InfoSec

InfoSec CISO Information Security Cyber Risk

Resecurity Named Winner of the Coveted Global InfoSec Awards During RSA Conference 2021

CyberSecurity Insiders

MAY 27, 2021

SAN FRANCISCO–( BUSINESS WIRE )–Resecurity is proud to announce they have won the following award(s) from Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine: Cutting Edge in Digital Footprint Security. Next-Gen in Third-Party Risk Management (TPRM).

InfoSec

InfoSec B2C B2B Media

Information risk and security management reporting

Notice Bored

MARCH 14, 2022

How does one write an information security report? It also occurs to me that, aside from structuring the reports according to the information security controls and incidents , you could use the information risks in a similar way. What should be reported?" Using appropriate metrics makes sense, of course.

Risk

Risk InfoSec Information Security Government

CISA releases Insider Risk Mitigation Self-Assessment Tool

Security Affairs

SEPTEMBER 30, 2021

The US CISA has released a new tool that allows to assess the level of exposure of organizations to insider threats and devise their own defense plans against such risks. The tool elaborates the answers of the organizations to a survey about their implementations of a risk program management for insider threats. Pierluigi Paganini.

Risk

Risk InfoSec Ransomware Technology

Herjavec Group Wins 4 Cyber Defense Magazine Global InfoSec Awards

Herjavec Group

MAY 17, 2021

With Identity Managed Services, your organization can: Gain 24×7 visibility into the health of your Identity platform without increasing security staff. Quickly detect risks and amend access entitlement issues associated with privileged users. About CDM InfoSec Awards . Learn more?

InfoSec

InfoSec Marketing Technology B2C

NBlog Sept 27 - 2021 infosec budget

Notice Bored

SEPTEMBER 26, 2020

Are you responsible for your organisation's information security or cybersecurity budget? A substantial part of information security expenditure is (whatever we may believe as professionals) discretionary. A substantial part of information security expenditure is (whatever we may believe as professionals) discretionary.

InfoSec

InfoSec Information Security Manufacturing Risk

Top VAPT Testing Companies

Security Boulevard

JANUARY 6, 2023

Introduction By reducing information risks and vulnerabilities, a process called information security, also referred to as infosec, protects electronic data. InfoSec […]. The post Top VAPT Testing Companies appeared first on Security Boulevard.

Computers and Electronics

Computers and Electronics InfoSec Data collection Mobile

Episode 205 – Google’s Camille Stewart: InfoSec’s Lack of Diversity is a Cyber Risk

The Security Ledger

FEBRUARY 26, 2021

Here’s the deal with the information security industry in the United States: our country doesn’t have nearly the number of information security professionals that it needs. According to an estimate from Cybersecurity Ventures, the shortage of US cyber security workers could reach 500,000 people in 2021.

Cyber Risk

Cyber Risk Risk InfoSec Information Security

Expert discloses 4 zero-days in IBM Data Risk Manager

Security Affairs

APRIL 21, 2020

The security researcher Pedro Ribeiro, Director of Research at Agile Information Security, has published details about four zero-day vulnerabilities affecting the IBM Data Risk Manager (IDRM) after the company refused to address the issues. The latest version Agile InfoSec has access to is 2.0.3,

Risk

Risk Authentication InfoSec Advertising

Stepping on the cracks

Notice Bored

MAY 24, 2021

Anyone seeking information security standards or guidance is spoilt for choice e.g. : ISO27k - produced by a large international committee of subject matter experts and national representatives NIST SP 800 series – well researched, well written, actively maintained. and loads more. and loads more. Three different perspectives.

InfoSec

InfoSec Risk IoT Information Security

The Hacker Mind: Shattering InfoSec's Glass Ceiling

ForAllSecure

MARCH 8, 2023

Booth babes and rampant sexism were more of a problem in infosec in the past. What if you are a woman in information security? I’m Robert Vamosi, and in the episode I’m talking about diversity, equality, and inclusion in information security with one of the industries' most successful examples.

InfoSec

InfoSec Engineering CSO Technology

Information risk and security for professional services

Notice Bored

APRIL 20, 2022

When you acquire or provide professional services, how do you address the associated information risks? Professional services are information-centric: information is the work product , the purpose, the key deliverable. Withheld or unavailable for some reason (e.g. if a consultant fell sick or a laptop was lost or stolen).

Risk

Risk Energy and Utilities Computers and Electronics Telecommunications

Private Tweets Exposed, Unauthorized Tracking Collaboration, AI Risks and Regulation

Security Boulevard

MAY 14, 2023

Finally, we explore the US government’s […] The post Private Tweets Exposed, Unauthorized Tracking Collaboration, AI Risks and Regulation appeared first on Shared Security Podcast. The post Private Tweets Exposed, Unauthorized Tracking Collaboration, AI Risks and Regulation appeared first on Security Boulevard.

Risk

Risk Artificial Intelligence Data privacy Technology

CISO Liability Risk and Jail Time, (ISC)2 Bylaw Vote and the Value of Cybersecurity Certifications

Security Boulevard

OCTOBER 30, 2022

Rafal Los, host of the popular Down the Security Rabbithole Podcast, joins us to discuss CISO liability risk and the ongoing discussion in the cybersecurity community about CISOs going to jail.

CISO

CISO Risk Cybersecurity Data privacy

Spotlight on Cybersecurity Leaders: Bill Bowman

SecureWorld News

FEBRUARY 26, 2024

Bill Bowman, CISSP, CIPM, is the Chief Information Security Officer & Data Privacy Officer at financial software company Emburse. A : When I was with Bright Horizons, many top-tier clients demanded InfoSec competence. A : Moving the reporting line to risk (GC/CLO); using AI. I learned from them. A : Phil Venables.

Cybersecurity

Cybersecurity CISO InfoSec Data privacy

NBlog Aug 8 - musing on ISO/IEC 27014 & infosec governance

Notice Bored

AUGUST 7, 2020

This morning I've been studying the final draft of the forthcoming second edition of ISO/IEC 27014 "Governance of information security" , partly to update ISO27001security.com but mostly out of my fascination with the topic. This will support the delivery of security education, training and awareness programs. Section 8.2.5

Government

Government InfoSec Information Security Accountability

Why Taylor Swift Fans Should Work in Cybersecurity

SecureWorld News

SEPTEMBER 12, 2023

These skills also happen to apply to information security (infosec) and cyber threat intelligence and research. And you'll leave your first infosec conference with an armful of them. But infosec is the rare industry with clearcut heroes and villains. My Infosec Era has only just begun.

Cybersecurity

Cybersecurity InfoSec Threat Detection Accountability

First American Financial Pays Farcical $500K Fine

Krebs on Security

JUNE 18, 2021

Under First American’s documented vulnerability remediation policies, the data leak was classified as a security weakness with a “level 3” severity, which placed it in the “medium risk” category and required remediation within 45 days. “That’s a high-risk vulnerability.

Insurance

Insurance Risk Financial Services CISO

People-Centric Security (or Bottoms-Up)

Security Boulevard

NOVEMBER 17, 2022

Data is, or at least should be, the lifeblood of an effective information security program. One source of data that is typically missing from an infosec program is user, or employee driven data. Data is, or at least should be, the lifeblood of an effective information security program. This is not wrong.

InfoSec

InfoSec Passwords Risk Information Security

Juice Jacking Debunked, Photographer vs. AI Dataset, Google Authenticator Risks

Security Boulevard

MAY 7, 2023

Next, we dive into a case where a photographer tried to get his photos removed from an AI dataset, only to receive an invoice instead of having his photos taken […] The post Juice Jacking Debunked, Photographer vs. AI Dataset, Google Authenticator Risks appeared first on Shared Security Podcast.

Authentication

Authentication Risk Cyber Attacks Data privacy

CyberSaint STRONGER 2022 Conference Call for Speakers is Open!

CyberSecurity Insiders

FEBRUARY 1, 2022

BOSTON–( BUSINESS WIRE )– CyberSaint , the developer of the leading platform delivering cyber risk automation, today announced that the company is seeking speaker submissions for its virtual STRONGER conference, set to occur September 13th-15th 2022. Conference Tracks: Frameworks, Security, & Risk. InfoSec 360.

Digital transformation

Digital transformation InfoSec CISO Education

BSides Vancouver 2021 – Rose’s ‘The Overlooked Security Risk: 3rd Party Risk Management’

Security Boulevard

JULY 27, 2021

The post BSides Vancouver 2021 – Rose’s ‘The Overlooked Security Risk: 3rd Party Risk Management’ appeared first on Security Boulevard. Our thanks to BSides Vancouver for publishing their outstanding BSides Vancouver 2021 Conference videos on the groups' YouTube channel.

Risk

Risk Education InfoSec Information Security

BSides Berlin 2021 – Vasant Chinnipilli’s ‘Rooting Out Security Risks Lurking In Your CI-CD Pipelines’

Security Boulevard

JANUARY 9, 2022

The post BSides Berlin 2021 – Vasant Chinnipilli’s ‘Rooting Out Security Risks Lurking In Your CI-CD Pipelines’ appeared first on Security Boulevard. Our thanks to BSides Berlin for publishing their tremendous videos from the BSides Berlin 2021 Conference on the organization’s’ YouTube channel.

Risk

Risk Education InfoSec Information Security

Episode 144: Infosec Supporting Right to Repair with Joe Grand and Kyle Wiens

The Security Ledger

APRIL 30, 2019

The post Episode 144: Infosec Supporting Right to Repair with Joe Grand and Kyle Wiens appeared first on The Security Ledger. Households Introducing Securepairs.org: Fighting Infosec FUD for the Right to Repair. What is needed is for the information security community to speak up – and loudly.

InfoSec

InfoSec Computers and Electronics Telecommunications Software

Domotics - a can-o-worms

Notice Bored

APRIL 12, 2022

This morning, I’ve been browsing and thinking about ISO/IEC 27403 , a draft ISO27k standard on the infosec and privacy aspects of “domotics” i.e. IoT things at home. Dynamics and diversity: people, devices and services plus the associated challenges and risks, are varied and changeable. Security monitoring and management (e.g.

IoT

IoT InfoSec Risk Security Awareness

Announcing the public availability of the Cisco Cloud Controls Framework (CCF)

Cisco Security

MAY 5, 2022

As the complexity of market demand grows, SaaS providers need an efficient way to simplify and streamline efforts to attain security certifications. A strategic compliance and risk management approach is as essential to the success of an organization as its product strategy. Infosec Registered Assessors Program (IRAP December 2020).

Marketing

Marketing InfoSec Risk Technology

Security Awareness Training and Human Risk Management Company AwareGO Achieves Year of Outstanding Growth

CyberSecurity Insiders

FEBRUARY 3, 2022

SAN ANTONIO–( BUSINESS WIRE )–Security Awareness Training and Human Risk Management company AwareGO today announced company milestones achieved and overall performance for 2021, including record year-over-year online revenue growth of 219%, enterprise revenue growth of 156%, and total revenue growth of 116%. About AwareGO.

Security Awareness

Security Awareness Risk Marketing Cybersecurity

Spotlight on Cybersecurity Leaders: Chris Spohr

SecureWorld News

AUGUST 22, 2022

Chris Spohr is the Information Security Officer for Republic Finance, LLC, and adds value by serving as the Head of Information Security to protect the company's data, brand, and jobs. This started me down the InfoSec path and I found that I liked specializing in a challenging area. Louis Advisory Council.

Cybersecurity

Cybersecurity InfoSec Retail Manufacturing

Importance of Cybersecurity Profession Highlights SecureWorld Chicago

SecureWorld News

JUNE 13, 2023

It was fitting that the opening keynote panel for SecureWorld Chicago on June 8th was titled " Making the Cybersecurity Music: Navigating Challenges and Opportunities in Today's InfoSec Landscape. Well, information security, cybersecurity happens to be a critical part of the business, being able to achieve strategic objectives.

Cybersecurity

Cybersecurity CISO InfoSec Risk

BSides Prishtina 2022 – Poliksena Berisha’s ‘Governance, Risk And Compliance (GRC) And Role Of IT Auditing’

Security Boulevard

MAY 25, 2022

Our sincere thanks to BSides Prishtina for publishing their Presenter’s BSides Prishtina 2022 Information Security Conference videos on the organization’s’ YouTube channel.

Government

Government Risk Information Security Education

Assessing Third-Party InfoSec Risk Management

AI Revolutionizes Infosec

Trending Sources

Demand, CyberInsurance, and Automation/AI Are the Future of InfoSec

Iterative scientific infosec

Top 3 Information Security Hiring Trends for 2023

Professional services infosec policy template

InfoSec Reviews in Project Management Workflows

WANTED: a set of infosec principles we can all agree on

Are our infosec controls sufficient?

The Top 10 Highest Paying Jobs in Information Security – Part 1

Risks to Your Network from Insecure Code Signing Processes

Infosec control attributes paper completed

InfoSec Leaders Share in Podcast Interview at SecureWorld Philadelphia

Infosec policy development

Episode 209: Fortinet’s Renee Tarun on Scaling InfoSec To Meet Tomorrow’s Challenges

Resecurity Named Winner of the Coveted Global InfoSec Awards During RSA Conference 2021

Information risk and security management reporting

CISA releases Insider Risk Mitigation Self-Assessment Tool

Herjavec Group Wins 4 Cyber Defense Magazine Global InfoSec Awards

NBlog Sept 27 - 2021 infosec budget

Top VAPT Testing Companies

Episode 205 – Google’s Camille Stewart: InfoSec’s Lack of Diversity is a Cyber Risk

Expert discloses 4 zero-days in IBM Data Risk Manager

Stepping on the cracks

The Hacker Mind: Shattering InfoSec's Glass Ceiling

Information risk and security for professional services

Private Tweets Exposed, Unauthorized Tracking Collaboration, AI Risks and Regulation

CISO Liability Risk and Jail Time, (ISC)2 Bylaw Vote and the Value of Cybersecurity Certifications

Spotlight on Cybersecurity Leaders: Bill Bowman

NBlog Aug 8 - musing on ISO/IEC 27014 & infosec governance

Why Taylor Swift Fans Should Work in Cybersecurity

First American Financial Pays Farcical $500K Fine

People-Centric Security (or Bottoms-Up)

Juice Jacking Debunked, Photographer vs. AI Dataset, Google Authenticator Risks

CyberSaint STRONGER 2022 Conference Call for Speakers is Open!

BSides Vancouver 2021 – Rose’s ‘The Overlooked Security Risk: 3rd Party Risk Management’

BSides Berlin 2021 – Vasant Chinnipilli’s ‘Rooting Out Security Risks Lurking In Your CI-CD Pipelines’

Episode 144: Infosec Supporting Right to Repair with Joe Grand and Kyle Wiens

Domotics - a can-o-worms

Announcing the public availability of the Cisco Cloud Controls Framework (CCF)

Security Awareness Training and Human Risk Management Company AwareGO Achieves Year of Outstanding Growth

Spotlight on Cybersecurity Leaders: Chris Spohr

Importance of Cybersecurity Profession Highlights SecureWorld Chicago

BSides Prishtina 2022 – Poliksena Berisha’s ‘Governance, Risk And Compliance (GRC) And Role Of IT Auditing’

Stay Connected