Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.
Many organizations are weighing whether cyber-insurance is a worthwhile investment. A decision on the type of policy to buy, and what it should cover, depends, in part, on the type of information that could be exposed.
The growing threat landscape exacerbates the IT security skills shortage, meaning many organizations struggle with inadequate and sometimes unqualified staff. How are security leaders addressing the crisis?
In light of growing threats and the increasing complexity of information technology, organizations must get everyone in the enterprise, especially top leaders, involved in assessing and managing information risk.
With different nations establishing different privacy standards, organizations face adopting the most stringent regulations in order to be compliant everywhere they operate, says Marc Groman, a director of the International Association of Privacy Professionals.
To acknowledge leaders who are playing a critical role in shaping the way governments approach information security and privacy, GovInfoSecurity announces its fourth annual list of Influencers.
IBM's Dan Hauenstein, in analyzing Big Blue's 2012 Tech Trends Report, says security concerns often inhibit the adoption of four technologies: mobile, cloud, social business media and business analytics.
Karen Scarfone, who coauthored NIST's encryption guidance, sort of figured out why many organizations don't encrypt sensitive data when they should. The reason: they do not believe they are required to do so.
It's as much about people as it is technology for organizations to successfully implement a continuous monitoring program, says George Schu, senior vice president at Booz Allen Hamilton.
Former FBI cyber unit chief Tim Ryan sees mounting dangers from the insider, acknowledging undiscerning employees who don't follow proper processes can cause devastation. But he says the actions of those with malicious intent can be more catastrophic.
The individual implementing security - the chief information officer - can't be the same as the person responsible for testing security, conducting audit and reporting on security weaknesses, South Carolina Inspector General Patrick Maley says.
South Carolina's Revenue Department went nearly a year without a chief information security officer before its tax system was hacked this summer. The agency's chief says the state couldn't find a qualified candidate for the job that pays $100,000 a year.
The goal is admirable: Eliminate all traces of online information about an individual if that's what he or she wants. But is the right to be forgotten an impossible dream?
As seen on YouTube, South Carolina Gov. Nikki Haley, more than any other chief executive, in or out of government, is out front leading the response to a breach of its tax system. It's been an education for the governor as well as South Carolinians.
Incorporating new concepts such as security-control overlays and placing a renewed emphasis on information assurance, the forthcoming guidance is 'a total rewrite' from the 2009 version, NIST's Ron Ross says.
To know how best to respond to IT and communications failures, incident response pros first must collect information on such incidents, says Marnix Dekker, who co-authored a new report for ENISA.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.asia, you agree to our use of cookies.