CISOs face the continuing challenge of how to clearly communicate information security risk to the board and senior management. But now they can take advantage of a free metrics framework designed to help evaluate an organization's cybersecurity readiness. Phil Cracknell of ClubCISO describes the effort.
While enterprises rebuild or upgrade their security programs, they must guard against overemphasizing technology investments while neglecting staffing issues, says Ben Johnson, chief security strategist at Carbon Black.
The Asian security landscape continues to change dramatically, and ransomware and cyber extortion are among the emerging trends increasing in frequency and volume. Kaspersky Lab's Vitaly Kamluk shares insights and advice.
There's often a dangerous trade-off made between convenience and security. That's illustrated no better than by a recent issue patched by Microsoft. It's an attack so devilishly smooth that it's a wonder hackers had not figured it out before.
The release this week by the PCI Security Standards Council of a new PCI compliance resource for small merchants is being lauded by the banking and payments community. But how effective will the resource be at actually convincing merchants to move forward with PCI compliance?
Interbank messaging service SWIFT will begin collecting and sharing anonymized attack information and offering incident-response services - backed by Fox-IT and BAE Systems - to help hacked banks. But will financial institutions buy in?
As more organizations in the Asian market outsource their security functions, they still will need to have a CISO, stresses Scott Robertson, vice president for Asia-Pacific and Japan at the cloud-based security firm Zscaler.
As many as 250,000 credentials for Remote Desktop Protocol servers around the world may have been offered for sale on the now-shuttered xDedic cybercrime marketplace. So what can organizations do to mitigate related risks and avoid a major network intrusion?
While PCI compliance is a priority for many U.S. retailers, some major companies in Australia say they'd rather forgo the cost of compliance and risk the possibility of steep fines if a card breach occurs.
India's National Cyber Security Coordinator, Dr. Gulshan Rai, puts forth a five-point agenda to secure digital India. Critics question what's new and different about the plan and suggest what they see as the right steps to security.
The security landscape is undergoing churn in India, and Deloitte's Akshay Garkel warns that with the country's regulators making big moves, the next six months should keep practitioners on their toes.
The nature of sophisticated fraud is changing, argues NPCI's Bharat Panchal. He shares experiences from his sector to support this idea, and he shares insights on how this will affect the security practitioner roles.
As cybersecurity demand surges in India, the industry faces a crippling shortage of skilled professionals. KPMG's Sundar Ramaswamy suggests that an increased impetus on automating security roles will alleviate the problem.
Demonstrating the return on security investment and getting management buy-in remain some of the less glamorous, but very real challenges faced by Indian CISOs, says Shivkumar Pandey of the Bombay Stock Exchange.
Narayan Neelakantan, outgoing CISO at the National Stock Exchange of India, is concerned that the lack of capacity in incident response is going to haunt Indian organizations in the near future. He shares insight on IR maturity and the imminent need.