7 best reasons to be a CISO
As they become key players in wider business matters, modern CISOs can develop
their credentials and knowledge beyond hands-on security skills and abilities.
“Our role is continuously expanding,” Smart says. “Today, I am also responsible
for governance, risk and compliance, which opens up more avenues into setting a
cohesive plan and strategy for security and risk management that impacts the
whole business,” she adds. “The modern CISO can make use of a wide range of
skills, beyond technical cybersecurity, and explore more areas of interest
within the business,” Stapleton agrees. “As the cybersecurity landscape is
constantly changing, there are always new and fascinating topics to dive into,
so a CISO is never bored.” “The Disabled CISO,” the Twitter handle of an
anonymous CISO of a global company, tells CSO that security now touches every
part of the business, driving CISOs to positively engage with and learn from all
corners of a company. “I love getting out and joining colleagues at the
coalface. To protect the business, I need to understand how we operate and the
challenges that presents to colleagues ..."
Should We Build Quantum Computers at All?
Using quantum computers, physicists want to simulate and unearth unusual states of matter; pharmaceutical companies want to discover new types of drugs; auto companies want to paint cars faster. While no one has conclusively demonstrated the utility of quantum computers, their potential seems endless. Emma McKay offers a provocative counterpoint. In the face of climate change, societal inequality, and other global problems, McKay, a PhD student in education at McGill University, thinks that perhaps we don’t need to develop quantum computing at all. “I haven’t seen any reasons compelling enough to me,” McKay, who uses they/them pronouns, told APS News. ... Maybe quantum annealers [a type of quantum computer] will be able to help us manage resources more efficiently. But it appears that people are most interested in using these types of technology to optimize things that suck, like optimizing traffic for single-person vehicles when widely available public transit, via buses and cycling infrastructure, is possible and the best way to reduce congestion and pollution from private vehicles in a city.
Are Application-Specific Chains the Future of Blockchain?
As decentralized application (dApps) developers gain more experience working
with blockchains, some are running into limitations created by the parameters of
blockchain architecture. Ethereum, for instance, allows for applications to be
created via smart contracts, but does not allow for automatic execution of code.
It also maintains fairly strict control over the way consensus and networking
functions are exposed to those applications. To overcome these limitations, some
developers are turning to application-specific blockchains — purpose-built and
tuned for their specific application needs, and colloquially called “appchains.”
One of the more popular options for building appchains is the Cosmos SDK, due to
built-in composability, interconnected blockchains, and the ability for
developers to maintain sovereignty over their blockchain. We’ve covered Cosmos
in the past, including a developer academy for learning to build in the Cosmos
Network and the addition of Interchain Security, which allows multiple Cosmos
blockchains to align around common security protocols while maintaining
sovereignty.
A Long-Awaited IoT Reverse Engineering Tool Is Finally Here
The tool was specifically designed to elucidate internet-of-things (IoT) device firmware and the compiled “binaries” running on anything from a home printer to an industrial door controller. Dubbed FRAK, the Firmware Reverse Analysis Console aimed to reduce overhead so security researchers could make progress assessing the vast and ever-growing population of buggy and vulnerable embedded devices rather than getting bogged down in tedious reverse engineering prep work. Cui promised that the tool would soon be open source and available for anyone to use. “This is really useful if you want to understand how a mysterious embedded device works, whether there are vulnerabilities inside, and how you can protect these embedded devices against exploitation,” Cui explained in 2012. “FRAK will be open source very soon, so we’re working hard to get that out there. I want to do one more pass, internal code review before you guys see my dirty laundry.” He was nothing if not thorough. A decade later, Cui and his company, Red Balloon Security, are launching Ofrak, or OpenFRAK, at DefCon in Las Vegas this week.
Is cloud computing immune from economic downturns?
First, and most important, many businesses now consider IT spending to be
directly reflected in the value built within the enterprise. IT systems are no
longer just for tactical uses such as processing transactions. Instead, cloud
systems are becoming the business itself. The businesses disrupting their
markets are doing so with their own unique innovations. They can only create
these innovations by developing core IT systems using digital transformation
processes and cloud computing. IT is no longer a cost center but an investment
that needs to be nurtured. This new outlook is seen in manufacturing companies
invested in supply chain automation using cloud-based artificial intelligence
capabilities and cloud-based blockchain to lower costs and increase
productivity. It’s seen in businesses that are entirely based on technology
offerings, such as ride-sharing or residence-sharing applications. Many
investors and company executives now believe software will define the future of
business. IT is the engine that can build and use these systems; thus it’s a
budgetary line item that boards and executives are reluctant to touch.
Cybersecurity and Technology Industry Leaders Launch Open-Source Project to Help Organizations Detect and Stop Cyberattacks Faster and More Effectively
"Every business deserves a simple, straightforward way to analyze and understand the security landscape – and that starts with their data," said John Graham-Cumming, CTO at Cloudflare. "By participating in the OCSF, we hope to help the entire security industry focus on doing the work that matters instead of wasting countless hours and resources on formatting data." "At CrowdStrike, our mission is to stop breaches and power productivity for organizations," said Michael Sentonas, Chief Technology Officer, CrowdStrike. "We believe strongly in the concept of a shared data schema, which enables organizations to understand and digest all data, streamline their security operations and lower risk. As a member of the OCSF, CrowdStrike is committed to doing the hard work to deliver solutions that organizations need to stay ahead of adversaries." "Modern cybersecurity operations is a team sport, and products must integrate with each other to provide value beyond what a single product can. Sure, it's possible to make that happen with open APIs and mapping data structures, but development and processing resources are not infinite," said Mohan Koo, Co-founder and CTO with DTEX Systems.
What Are Your Decision-Making Strengths and Blind Spots?
What do you do when you face an important but complicated decision? Do you turn
to experts? Dig for data? Ask trusted friends and colleagues? Go with your gut?
The truth is many of us approach decision making from the same perspective over
and over. We use the same tools and habits every time, even if the decisions are
vastly different. But following the same strategy for every problem limits your
abilities. To make better decisions, you need to break out of these patterns and
see things differently, even if it is uncomfortable. First, you need to
understand your own decision-making strengths and your blind spots: What is the
psychology of your decision making? What is your typical approach? What mental
mistakes or cognitive biases tend to get in your way? Looking inward to what you
value can illuminate why you make decisions the way you do — and how you might
be shortchanging yourself with your approach. From there, you can disrupt your
traditional processes.
The Rise of the ‘Fractional’ CMO and the Role CIOs Play
Hybrid work: What's changed – and what hasn't
With an overwhelming number of employees saying they want hybrid work to become
the new normal, flexible work arrangements are becoming integral to an
organization’s hiring and retention strategies. Pre-pandemic, industries that
offered work flexibility were often considered somewhat progressive and it was
more the exception than the norm. Today, hybrid work is standard in a growing
number of fields. Still, there are challenges. ... With employees potentially
using personal devices and home wi-fi connections, IT security teams must
constantly consider new vulnerabilities and strategies to remain safe. Clear
policies and practices, along with training programs that reflect these new
procedures are essential for any successful hybrid work model. On the positive
side, hybrid work reduces the impact on our environment. Working remotely means
less paper consumption and energy used to maintain office buildings and less
waste from consumable products in the workplace. It also provides team members
an opportunity to practice sustainability when working at home.Why SAP systems need to be brought into the cybersecurity fold
The problem is exacerbated by the variety of attack vectors that cybercriminals are leveraging to target mission critical SAP systems, with applications often remaining vulnerable for extended periods due to security patches not being applied in a timely manner. In February we saw the Cybersecurity and Infrastructure Security Agency (CISA) urge admins to patch SAP NetWeaver against a critical vulnerability that could facilitate a range of attacks and even lead to operational shutdown. In the very same month, of the 22 security notes or updates issued by SAP, eight were deemed “Hot News”. Four were updates but of the remainder, three had a maximum CVSS score of 10 and the fourth 9.1. SAP is prolific in its patching. However, patches cannot be applied directly to productive systems, requiring downtime which is often not an option for mission-critical systems. Even when a business upgrades to SAP S/4HANA, the pressure to go-live can see security side-lined. ... Indeed, the earlier mentioned report reveals that exploits are attempted within 72 hours of SAP publicly announcing patches, while new SAP environments are being identified and attacked online within as little as three hours.
Quote for the day:
"I have a different vision of leadership. A leadership is someone who brings people together." -- George W. Bush