Richard Harrison, CISO at healthAlliance in New Zealand, is focused on visibility and "security by design" from initiation through design-build-operate process, to achieve excellence in security operations
It's not just traditional data governance – it's about business risk. And in the age of GDPR and CCPA, you’d best have a handle on data discovery and classification. Patrick Benoit of CBRE gives the BISO's perspective on data risk governance.
You can see it in the latest high-profile attacks: Security requirements are ever more complex, exceeding the capacity of current protection capabilities. Enterprises need a new strategy for defending entry points, and Tom Sego of BlastWave believes he has it.
As a global CISO and privacy officer, Rebecca Wynn has earned her stripes. And she's upfront with her expectations: She will take your security organization to the next level. But she also won't hesitate to walk away if she sees that cybersecurity commitment is nothing but talk.
How can healthcare organizations, which have been considered technology laggards, now become leaders? CISO Mitch Parker recommends that they implement technology - including security solutions - as part of a broader business strategy.
Security researchers who track ransomware often think such attacks must have hit their peak and can't get any worse - but then they do, thanks to top gangs continually improving the sophistication of their criminal enterprises, say McAfee's Raj Samani and John Fokker.
Nastassja Finnegan, CSO of First National Bank South Africa, says that the key to creating a strong culture of security in an organization is providing the right security context - and failure to do so results in pushback.
While ransomware attacks are largely viewed as cybersecurity incidents, there are critical data privacy concerns that must always be top of mind, says Jodi R. Daniels, founder and CEO of privacy consultancy Red Clover Advisors.
Attorney Ann Marie Mortimer shares tips on reducing liability in the event of a data breach and how ordinary security team communications, standard incident response reports and bug bounty payments can make a bad situation even worse.