How Security Can Actually "Enable the Business"

Posted by Mark Walsh on Mar 11, 2015 8:50:00 PM

One of the most overused phrases in security organizations today is “enabling the business.” It looks great on mission statements and sounds good in meetings, but what does it really mean? Common answers usually center on “protecting information” and “responding to incidents.” But are the defensive actions of a security organization truly assisting the company with growth and productivity? How can security actually help the organization accomplish more work and subsequently add revenue?


Topics: Business, Security, eGRC

Top 3 Leadership Pitfalls in a Security Operations Center

Posted by Jeff Schroeder on Mar 9, 2015 8:51:00 PM

Security Operations Centers (SOCs) provide businesses with the ability to see what’s going on in order to respond accordingly. SOC teams rely on the ability to learn skills and processes on the fly to meet expectations from stakeholders across the business and combat an ever-evolving, persistent cyber threat. One of the critical contributors to any SOC’s success is skill availability. While technical experts and vendors have done great work building cybersecurity solutions, a SOC is nothing without the right people.


Topics: Security, Security Leadership, Security Operations Center, SOC

The Sony Breach and The U.S. Government's Responsibility to Act

Posted by Eric Noonan on Dec 2, 2014 8:39:00 PM


The last week or so marks what I would describe as an unprecedented shift in the impact of cyber attacks with the Sony breach. I run from the constant fear, uncertainty and doubt (FUD) that gets circulated and recirculated by vendors and media outlets, but I see this attack, and more specifically the impact, as different for several reasons. The Sony attack is also a call to action for the government of the United States to get its act together on cyber security and DO something to help American businesses large and small better defend themselves.


Topics: Security, Security Leadership

You Can't Do It Alone

Posted by Eric Noonan on Nov 26, 2014 8:39:00 PM


When I was a CISO for a global defense company, I realized that a company of any significant size or complexity could never “do” security for itself. Why can’t big companies go it alone? Partly because of specific resources and expertise that are not resident in-house and partly because of all the things that compete with delivering security, namely projects, politics, personalities, egos and all the other fun stuff that comes with being in a big company. Political correctness and all of the other impediments of a big company naturally get in the way of delivering actual security. Executives have pet projects that compete with core mission requirements, and day-to-day security falls behind.


Topics: Security, Security Leadership

Can you see the bigger picture?

Posted by Eric Noonan on Feb 26, 2013 8:27:00 PM

 


Topics: Roadshows, Business, Security, eGRC, Security Leadership, RSA Archer

RSA 2013

Posted by Eric Noonan on Feb 25, 2013 8:31:00 PM

All checked in @RSA 2013 here in San Francisco!


Topics: Roadshows, Business, Security, eGRC, Security Leadership, RSA Archer

Standards: voluntary, mandatory, or a waste of time?

Posted by Eric Noonan on Jan 31, 2013 8:34:00 PM

Siobhan Gorman of the Wall Street Journal wrote yesterday that “Fortune 500 companies in a range of industries back a system of voluntary cybersecurity standards.” The topic of cybersecurity standards being voluntary or mandatory often sparks lively debate, but unfortunately it’s the wrong discussion.


Topics: Business, Security, eGRC, Security Leadership