Cybersecurity Governance News – 2/26/16
Ensuring cybersecurity is relevant and important to everyone in your organization, not just the IT department, is a challenge.
45% of IT Staff Circumvent Their Own Security Policies
eSecurity Planet, Feb. 22
“Even if these actions are being performed to validate existing infrastructure, senior leadership should be aware that this activity is occurring. It may also be worthwhile to consider third-party audits to ensure adherence with corporate security policies.”
Marcus Ranum chats with CGI Group's Terri Curran
TechTarget, 2015
“I’ve been in boardroom meetings where as soon as the CISO’s metrics presentation flashed on screen, eyes rolled heavenward and email was surreptitiously checked… you need a mix of time-based, results-based and forward-looking metrics to explain your InfoSec posture and avoid the rolling eyes in the boardroom.”
Cybersecurity and Whistleblowers?
CSO, Feb. 19
It is not a comfortable topic – virtually all cases involving a cybersecurity whistleblower have ended with a confidential settlement. But experts, and lawyers, say that in an increasingly connected world, those cases are bound to increase.
FDIC: Words of Warning to Financial Institutions and their Boards
JDSupra Business Advisor, Feb. 23
Cybersecurity is a matter of corporate governance. Corporate governance should be at the core of a meaningful cybersecurity framework. The FDIC explains that “[a] bank should evaluate and manage cyber risk as it does any other business risk.”
Apple vs. the FBI Is Really, Really Complicated
Harvard Business Review, Feb. 19
The sense one gets from all of this is not of finding a right side and a wrong side, or winners and losers, but rather, the commencement of one of the most important public debates around technology’s and technology companies’ roles in a society committed to protecting citizens from terrorism and other threats.
DHS Issues Guidance on How to Share Cyberthreat Data
BankInfo Security, Feb. 18
DHS has issued four guideline documents that in the words of Secretary Jeh Johnson “provide federal agencies and the private sector with a clear understanding of how to share cyberthreat indicators.”