Sage Advice - Cybersecurity Blog

Information Security vs. Cybersecurity

Before cybersecurity became a standard part of our lexicon, the practice of keeping information and data safe was simply known as information security. Although the two terms are still used interchangeably, there is a definite distinction between them, which provides context and explains the evolution this discipline has undergone over the past two decades. This paradigm provides perspective and instruction for when your organization starts to build and implement a cybersecurity program today.

Topics: Security Policy, Information Security

Cybersecurity Maturity: Tiers and Goals

Achieving cybersecurity maturity is something that organizations should strive to reach over time. Once an organization has a mature cybersecurity program, it will be equipped with the knowledge and power to adapt to the ever-changing threat landscape – a key to becoming a resilient organization. It sounds simple, but gaining cybersecurity maturity is a fluid, never-ending work in progress that should always be improved upon. Let’s dive in.

Topics: Cybersecurity, Security Policy, Cybersecurity Culture

Four Cybersecurity Myths to Bust Instantly

In today's threat environment, we can count on the fact that there will be more spectacular breaches to come. The bad guys will always get in. It's time to acknowledge that reality and take action.

In our experience, many organizations that are just getting started on their path to cyber resiliency have a few misconceptions when it comes to cybersecurity. These myths must be busted in order for organizations to defend themselves against the risks they face. Here are four of the most common myths that must be cleared up.

Topics: Security Policy, Cybersecurity Culture

The Information Security Policy Lifecycle

Regardless of whether a policy is based on guiding principles or regulatory requirements, its success depends in large part upon how the organization approaches the tasks of policy development, publication, adoption, and review. This process is collectively referred to as the policy lifecycle. The responsibilities associated with the policy lifecycle processes are distributed throughout an organization. Organizations that understand the lifecycle and take a structured approach will have a much better chance of success with their cybersecurity practices. Let’s break down the Information Security Policy (ISP) lifecycle in further detail.

Topics: Cybersecurity, Security Policy, Information Security

3 'Must Have' Cybersecurity Documents

We see news of devastating cyberattacks every day in private and public organizations of all sizes. From phishing attempts to business email compromises to full-blown ransomware attacks, any device that’s connected to the internet is at risk of attack.

Topics: Security Policy, Incident Response, Information Security

Developing a Cyber Threat Intelligence Program

With cyber-attacks increasing, the likelihood that many organizations are experiencing the same attack is also increasing. When such an incident occurs, the intelligence gathered – including what happened, how it was dealt with, and lessons that were learned – can teach your organization what to do in the same situation. In today’s dynamic threat environment, it’s impossible to single-handedly keep on top of everything. Implementing a threat intelligence program can help you better protect your organization.

Topics: Security Policy, Threat Intelligence, Information Sharing

Why is Data Classification Important for Information Security?

Data classification is as fundamental a part of securing your organization's information as knowing what data you have and who can access it. It's the process of identifying and assigning pre-determined levels of sensitivity to different types of information. If your organization doesn’t properly classify your data, then you cannot properly protect your data.

Topics: Security Policy, Risk Management

Measuring Cybersecurity Success

Many CISOs struggle to build a compelling business narrative around their cybersecurity efforts. So when they stand before C-execs or board members, they turn to quantitative measures to craft a basic blocking-and-tackling story (check out how many suspicious connections our firewalls blocked last quarter) and watch eyes glaze over. What’s missing from these number-packed tales, according to 2018 CyberCrime Symposium presenter Summer Fowler, is any business context.

Topics: Security Policy, CyberCrime Symposium, Cybersecurity Culture

Understanding the General Data Protection Regulation (GDPR) and What it Means for Businesses Worldwide

The purpose of the General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018, is to help the European Union (EU) give its citizens and residents control over their own personal data. It's designed to simplify the regulatory environment for international businesses and it unifies the regulations within the EU. One of the more significant aspects of the GDPR is that it also addresses the export of personal data outside of the EU, making it the first global data protection law.

Topics: Security Policy, Regulations

Become Bilingual and Bridge the Gap

Ask CISOs to prioritize the skills they require to excel in their work, and a sizeable number will put talk before tech. Bi-directional communication — and its role in creating world-class cybersecurity programs — is a reoccurring theme in security workforce surveys and similar research. At the 2017 CyberCrime Symposium, featured speaker Summer Fowler tapped into influential security studies by ISC2, SANS, and Carnegie Mellon University (CMU) to spotlight the communication breakdown that characterizes interactions between CISOs and their senior leadership.

Topics: Compliance, Security Policy, CyberCrime Symposium