The company board expects the Chief Information Security Officer (CISO) to fulfill several key responsibilities related to cybersecurity and risk management. Here are some more expectations of the CISO (also see Part 1): Security Awareness and Training: The board expects the CISO to develop and implement cybersecurity awareness programs to […]
Blog
The company board expects the Chief Information Security Officer (CISO) to fulfill several key responsibilities related to cybersecurity and risk management. Here are some common expectations of the CISO: Develop and Implement Cybersecurity Strategy: The board expects the CISO to develop a comprehensive cybersecurity strategy aligned with the organization’s goals […]
Why is Phishing such a big problem? Anti-phishing is critical to an organization’s cybersecurity posture. This is because today’s email attacks routinely bypass security controls such as secure email gateways, Microsoft 365 security, and Google Workspace security. All phishing attacks have the potential to result in financial loss, data breaches, […]
OWASP acknowledges weak or broken authentication as easily exploitable by hackers, with extreme damage potential. Users need to be authenticated in a reliable, secure (and convenient) manner when they try to access an application or a service, but this is not always practiced. 81% of data […]
Businesses need to scan their externally available infrastructure and applications to protect against external threats. They also need to scan internally to protect against insider threats and compromised individuals. Pen testing should be conducted regularly, at intervals ranging from monthly to possibly quarterly. Because of the constantly evolving threat universe, once a month […]
We are trying hard to make it really tough for hackers to break into your network, but what happens when they do? In the OWASP Top 10, #3 deals with preventing sensitive data from being exposed in the event that a successful attack is made. This in turn can help […]