What Boards Want to Know and CISOs Need to Say
Seven years ago, in the SBIC report Bridging the CISO-CEO Divide, we explored the best practices security leaders could use to communicate more effectively with their CEOs. CISOs were at a crossroads and just beginning to take a seat at the executive table. We provided recommendations from global leaders about ways CISOs could embrace their growing leadership role, build trust with the executive leadership team and earn the confidence of their CEO. We discussed how charting a new course based on a strategic, risk-based approach to information security would drive clear business value.
Keeping your company secure is as much about detecting and responding to attacks as they occur as it is about preventing attacks before they happen. Given the proliferation and sophistication of malicious entities, organizations must assume that they will be infiltrated and have an effective detection and response strategy. In this report Forrester Consulting evaluates how the capabilities of SIEM and security analytics solutions stack up against the current threat landscape.
Any size organization can be a target, generally because of weak authentication. Password-only protection is simply too risky. In addition, stolen passwords were responsible for major thefts of records from Best Buy and Twitter. This paper will show why any size organization can be a target, and how the legal and threat environment, combined with BYOD and cost factors, make multi-factor, risk-based authentication the logical approach to solving the problem.
With the number of new and emerging security products being denoted by analysts as the “silver bullet” solution, it is critical to recognize that there are many authentication choices available on the market. In this whitepaper, we look at what organisations must consider before making a final selection, specifically their user authentication needs, the threats targeting their business, their business objectives and the regulatory guidelines that impact their industry.
The user authentication market is dominated by well-established, wide-focus vendors. Newer wide- and tight-focus vendors continue to offer enterprises sound alternatives across a range of use cases. In this whitepaper, we look at the marketplace to see how vendors compare in their completeness of vision and their ability to execute.
Inside this report: Key characteristics of APTs, how enterprises are making themselves vulnerable, new approaches to information security, and seven defensive measures against escalating threats.
In our increasingly globalised environment, economies and enterprises are steadily becoming interrelated. Yet many key functions and departments that deal with related information and business processes remain siloed. The answer is to bring governance, risk management and compliance together in an integrated program where policies, data and controls are strategically managed and visible throughout the enterprise.
In this paper, ENTERPRISE MANAGEMENT ASSOCIATES® (EMA™) highlights how the RSA Solution for Cloud Security and Compliance offers such an approach, centered on the well-accepted RSA Archer eGRC platform and enVision® platform technologies for security and compliance information and event management.
Security management needs to evolve to protect business, government, and individuals from growing cyber threats. This paper outlines challenges facing security executives and teams and uses an “air traffic control system” analogy to show how advanced security management systems can deliver better security by providing a single point of visibility and coordination for physical, virtual, and cloud assets. Solutions are presented where business processes, policy, controls, and data work in concert to achieve the vision of an air traffic control system for information security.
In cloud environments, one of the most pervasive and fundamental challenges for organizations in demonstrating policy compliance is proving that the physical and virtual infrastructure of the cloud can be trusted – particularly when those infrastructure components are owned and managed by external service providers.