Sage Advice - Cybersecurity Blog

Measuring Cybersecurity Success

Many CISOs struggle to build a compelling business narrative around their cybersecurity efforts. So when they stand before C-execs or board members, they turn to quantitative measures to craft a basic blocking-and-tackling story (check out how many suspicious connections our firewalls blocked last quarter) and watch eyes glaze over. What’s missing from these number-packed tales, according to 2018 CyberCrime Symposium presenter Summer Fowler, is any business context.

Read More

Topics: Security Policy, CyberCrime Symposium, Cybersecurity Culture

Privacy, Cybersecurity, and the Nation’s Central Bank

People will defend their right to privacy to the end. Yet, they love their technology and so willingly share personal information online that they’re part of a coalition of malicious and legitimate cyber-actors that threaten it. Nevertheless, with legal ramifications growing, CISOs must now secure personally identifiable information (PII) and intellectual property (IP) while protecting its owner’s privacy.

Read More

Topics: CyberCrime Symposium, Financial Sector, Privacy

Cybersecurity Awareness in the Workplace: Building a Cyber-Family

It’s a connected world, fueled by a connected workforce whose organizations live and die by their data. Now that they can plug-in from any device, traverse cyber-space, and communicate via email, IM, or VoIP, older employees forget they haven’t always worked this way. But Phil Bickford contends that the current digital age — marked by the mainstream adoption of technology, emerging social media, and mobility — is only around 15 years old. How mature, then, can workplace cybersecurity awareness be?

Read More

Topics: CyberCrime Symposium, Cybersecurity Culture, Privacy

Privacy’s Conflicting Interests

Strong cybersecurity programs tightly control financial assets, but more and more, it’s information that’s the target of various bad actors around the world. A lot of this data falls into the privacy realm and under the protection of privacy laws. As new laws like the EU’s General Data Protection Regulation (GDPR) expand these protections, they’re colliding with equally important but often-conflicting national security and crime-fighting interests, according to Lawrence Dietz, founder of DataPrivacyLaw.com.

Read More

Topics: CyberCrime Symposium, Privacy

Why CISOs Need to Care About Privacy

Why should information security officers care about privacy? That’s the loaded question Todd Fitzgerald posed to a packed audience in his opening keynote at the 2018 CyberCrime Symposium. The short answer: They have to.

Read More

Topics: CyberCrime Symposium, Privacy

Lessons from the 2018 CyberCrime Symposium

Arguments over the importance of security versus privacy will continue, but the debate’s losing steam by the second. In today’s data-driven world, cybersecurity and data privacy are interdependent, high-stake functions, and businesses and government entities must prioritize both. This mandate is transforming the CISO role, with business leaders restructuring their org charts to create new C-level partnerships, reporting structures, and seats at the big table.

Read More

Topics: CyberCrime Symposium, Privacy

Become Bilingual and Bridge the Gap

Ask CISOs to prioritize the skills they require to excel in their work, and a sizeable number will put talk before tech. Bi-directional communication — and its role in creating world-class cybersecurity programs — is a reoccurring theme in security workforce surveys and similar research. At the 2017 CyberCrime Symposium, featured speaker Summer Fowler tapped into influential security studies by ISC2, SANS, and Carnegie Mellon University (CMU) to spotlight the communication breakdown that characterizes interactions between CISOs and their senior leadership.

Read More

Topics: Compliance, Security Policy, CyberCrime Symposium

Putting Federal Cybersecurity Policy in Perspective

The cyber-threat ecosystem is complex, relentless, and rapidly evolving. It’s appropriate that those characteristics describe the work of creating national cybersecurity policy.

Read More

Topics: Security Policy, CyberCrime Symposium

Disrupt and Transform but Don’t Neglect Cybersecurity

Information security professionals can hardly be blamed if they’re ambivalent about digital disruption and digital transformation. On one hand, they’re getting traction with disruptive security technologies, whose automated, real-time capabilities help transform the security function. On the other, they’re facing mounting cybersecurity challenges as their organizations leverage IoT, AI, social tools, and mobility to become more efficient, effective, and engaging, said Don Anderson, a presenter at Tyler’s 2017 CyberCrime Symposium.

Read More

Topics: CyberCrime Symposium, Cyber Defense

Assume Compromise: Protect, Detect and Respond

In 2012, when Sean Sweeney became CISO for a large university, info-security strategies focused on preventing breaches. At that time, “CISO stood for ‘chief information scapegoat officer,’” said Sweeney, a presenter at Tyler’s 2017 CyberCrime Symposium.  “It was my job to prevent every possible attack against the university 24x7x365. That’s an unwinnable job, right?”

Read More

Topics: CyberCrime Symposium, Cyber Defense