A Review of the Best News of the Week on CISO Views

Infosec Education: What are the “right” credentials? (ShackF00, Sep 19 2017)
Well, the infosec community has done it again. We’ve gotten good and riled about something, with (maybe) good reason. In case you’ve been under a rock, here’s the breakdown: Equifax suffered a massive breach of consumer credit data…and many accused the company of being negligent for hiring the CSO, Susan Mauldin, because she has degrees in music, not infosec.

The Yahoo Breach Was Actually Three Billion Accounts (Wired, Oct 03 2017)
Ten months ago, Yahoo disclosed the biggest breach in history. As it turns out, the company severely underestimated the impact. Think a billion users is bad? Try three billion.

USPS ‘Informed Delivery’ Is Stalker’s Dream (Krebs on Security, Oct 02 2017)
A free new service from the U.S. Postal Service that provides scanned images of incoming mail days before it is slated to arrive at its destination address is raising eyebrows among security experts who worry about the service’s potential for misuse by private investigators, identity thieves, stalkers or abusive ex-partners. The USPS says it hopes to have changes in place by early next year that could help blunt some of those concerns.

Best and Worst Security Functions to Outsource (Dark Reading, Sep 29 2017)
Which security functions are best handled by third parties, and which should be kept in-house? Experts weigh in.

Analyzing Cybersecurity’s Fractured Educational Ecosystem (Dark Reading, Sep 29 2017)
We have surprisingly little data on how to evaluate infosec job candidates' academic qualifications. That needs to change.

Russian cybersecurity magnate Kaspersky slams Congress (The Hill, Oct 02 2017)
Cybersecurity magnate Eugene Kaspersky chided Congress in a blog post on Monday over his abruptly postponed testimony in front of the House Science Committee, which had originally been scheduled for last week.

DHS cyberinsurance research producing insights about security trends (TechRepublic, Oct 02 2017)
The US Department of Homeland Security says it’s starting to see interesting security trends based on a long-term research project into cyberinsurance markets.

US-Israeli cybersecurity firm ForeScout files for Nasdaq IPO (The Times of Israel, Oct 03 2017)
The prospectus said the company hopes to hold a share sale to the public, raising up to $100 million. The Calcalist news website said the offering would give the company a valuation of around $1.2 billion to $1.5 billion.

SAP to acquire Gigya (Gigya, Oct 05 2017)
Gigya was positioned as the leading widget distribution network and was following an advertising model. The company then pivoted to a SaaS model selling a broad social engagement platform. Through iteration and by really listening to customer feedback, the company doubled down on the customer identity management problem and increased its focus on enterprise customers, which resulted in escape velocity for the business.

Advice for US-based IT Managers on GDPR Impact and Compliance (Okta blogs, Oct 03 2017)
The General Data Protection Regulation (“GDPR”) is a European Union (“EU”) law, but it’s going to have a big impact on American businesses that collect and process personal data of EU individuals.

What Security Teams Need to Know about the NIAC Report (Dark Reading, Oct 04 2017)
Which of the recommendations made by the NIAC working group will affect security teams the most, and how should they prepare?

Kaspersky NSA Hack Points to a Serious Rogue Contractor Problem (Wired, Oct 05 2017)
After the revelation of the third contractor leak in as many years, the agency has a clear operational security problem.

Cybersecurity technology: Everything is transforming and in play (CSO Online, Oct 06 2017)
Just about every security monitoring tool and control is going through a profound transformation. Here are just a few examples.