A Review of the Best News of the Week on Cybersecurity Management & Strategy
Gartner Identifies the Top Six Security and Risk Management Trends (Gartner, Jul 03 2018)
Security leaders should harness this increased support and take advantage of six emerging trends, to improve their organization’s resilience while elevating their own standing.
Weak Admin Password Enabled Gentoo GitHub Breach (Dark Reading, Jul 05 2018)
Had the attacker been quieter, breach may not have been discovered immediately maintainers of popular Linux distribution said.
Disgruntled programmer accused of trying to sell his firm’s iPhone spyware for $50 million (Graham Cluley, Jul 06 2018)
…the firm was considering terminating his employment. Documents filed with an Israeli court claim that the company’s spyware and additional information was downloaded onto an external device immediately following the meeting. The defendant is then alleged to have approached a potential third-party buyer, posing as a member of a hacking group that had broken into NSO Group’s servers.
Second former Equifax staffer charged with insider trading (Naked Security – Sophos, Jul 02 2018)
In another entry for the ‘what were they thinking’ file, a second former Equifax executive has been charged with insider trading in advance of the company’s massive data breach announcement last September.
Women are the future? (SC Magazine, Jul 02 2018)
For all the political, social and corporate movements in support of women and diversity, women still only make up roughly 11 percent of the cybersecurity workforce and, in many cases, they’re facing a backlash. Teri Robinson reports.
The Pentagon Is Building a Dream Team of Tech-Savvy Soldiers (Wired, Jul 02 2018)
For years the Army has tried to recruit talent from Silicon Valley. A new initiative aims to nurture the rising technologists within its own ranks, too.
Hybrid SOC Scenarios (Gartner Blog Network, Jun 29 2018)
In slightly more clear terms, this is not a completely in-house SOC, but also not a “complete” (they never truly are complete) MSSP outsourcing arrangement, but something of a hybrid of both.
Fourth Circuit Defines Standing in Data Breach Cases (Infosecurity Magazine, Jul 03 2018)
Article III, Section 2, Clause 1 of the U.S. Constitution requires that that plaintiffs suffered an injury and that the injury is fairly traceable to the challenged conduct. The injuries, according to the American Bar Association, must be actual or certainly impending.
State of the SOC? Depends on Who You Ask (Infosecurity Magazine, Jul 05 2018)
New report finds distinction in perceived state of SOC among front line and executives
Cybersecurity remains non-core competency for most C-suite executives (Help Net Security, Jul 02 2018)
CISOs have become increasingly common in recent years (recent research suggests that nearly two-thirds of large US companies now have a CISO position), but the majority do not report directly to the CEO, which reduces their effectiveness.
The modern CSO: Future-proofing your organization in a disruptive world (Help Net Security, Jul 02 2018)
3 skills: The first is knowledge of the business to better align a security strategy to company objectives without being a blocker to innovation. The second is technical breadth. Third and most important is evangelism.
6 Drivers of Mental and Emotional Stress in Infosec (Dark Reading, Jul 02 2018)
Pressure comes in many forms but often with the same impact: stress and burnout within the security community.
SAP Risk Not Understood by C-Level (Infosecurity Magazine, Jul 02 2018)
The survey showed a sizable gap between executives and other professional groups in their perception of SAP security risks.
Data Security Startup Enveil Unveils Homomorphic Encryption Platform (SecurityWeek, Jul 03 2018)
Enveil’s New “ZeroReveal” Platform Enables Homomorphic Encryption to Secure Data in Use
EQT acquires SUSE for $2.5 billion (Help Net Security, Jul 05 2018)
SUSE has also expanded its product portfolio, including solutions for cloud and storage as well as container and application delivery technology.
Security Culture has to be Intentional and Sustainable (Infosecurity Magazine, Jul 05 2018)
Your security culture is – and will always be – a subcomponent of your larger organizational culture.