Information security program management

CISOs and information security programs are vital to protecting enterprises against today's cyber threats. In this resource centers, get the latest news and advice about CISO practices, infosec prrogram management and more.

Top Stories

Tip 12 May 2023
Incident response: How to implement a communication plan

Communication is critical to an effective incident response plan. Here are five best practices for communication planning and a free, editable template to get started. Continue Reading
Tip 18 Apr 2023
Top 7 enterprise cybersecurity challenges in 2023

Security teams faced unprecedented challenges in 2022. The year ahead appears no less daunting. Here are the cybersecurity trends and safeguards to take into account in 2023. Continue Reading

Tip 09 Oct 2017

Make your incident response policy a living document

Effective incident response policies must be detailed, comprehensive and regularly updated -- and then 'embedded in the hearts and minds' of infosec team members. Continue Reading
Feature 13 Jun 2017

(ISC)2 CEO on cybersecurity workforce expansion and 2017 Congress

Recently, SearchSecurity editorial director Robert Richardson checked in with (ISC)2's CEO David Shearer as the organization prepares for its fall Security Congress. Continue Reading
Tip 06 Apr 2017

Dedicated security teams: The pros and cons of splitting focus areas

Could using dedicated security teams that focus on one area of risk help reduce the attack surface for enterprises? Expert Steven Weil looks at the pros and cons of that approach. Continue Reading
Answer 15 Mar 2017

How can CISOs strengthen communications with cybersecurity staff?

Effective CISO communications are key to fostering a healthy relationship with the cybersecurity staff. Expert Mike O. Villegas reviews some ways to build that relationship. Continue Reading
Answer 14 Mar 2017

What effect does a federal CISO have on government cybersecurity?

The brief tenure of a federal CISO in the U.S. government recently came to an end. Expert Mike O. Villegas discusses the effect this has on the U.S. cybersecurity posture. Continue Reading
Answer 16 Feb 2017

How does a security portfolio help an enterprise security program?

A security portfolio shouldn't be used as an alternative to a reporting structure, but it can still be beneficial to enterprises. Expert Mike O. Villegas explains how. Continue Reading
Answer 15 Feb 2017

What are the pros and cons of hiring a virtual CISO?

A virtual CISO is a good option for smaller organizations that want stronger security leadership, but don't have the budget. Expert Mike O. Villegas discusses the pros and cons. Continue Reading
Tip 09 Feb 2017

How to organize an enterprise cybersecurity team effectively

The structure of an enterprise's cybersecurity team is important for ensuring it's as effective as possible. Expert Steven Weil outlines strategies for setting up a security group. Continue Reading
Tip 26 Jan 2017

When not to renew a vendor contract due to security issues

Opting out of a vendor contract for security reasons can be a tough decision for CISOs. Expert Mike O. Villegas discusses how NASA handled the situation and what CISOs can do. Continue Reading
Feature 01 Nov 2016

Want a board-level cybersecurity expert? They're hard to find

Members of the board must be ready to defend their fiduciary decisions, corporate policies, compliance actions and, soon, cybersecurity preparedness. Continue Reading
Answer 19 Sep 2016

Are new cybersecurity products the best investment for enterprises?

Having the latest cybersecurity products isn't always the best way to approach security. Expert Mike O. Villegas explains why and how to deal with pressure to buy new. Continue Reading
Answer 04 Apr 2016

What are the differences between active boards and passive boards?

Both active and passive boards of directors have different approaches to handling cybersecurity within their organizations. Here's how to tell which type you have. Continue Reading
Feature 18 Mar 2016

Designing and Building Security Operations center

In this excerpt of Designing and Building Security Operations Center, author David Nathans reviews the infrastructure needed to support a SOC and maintain SOC security. Continue Reading
Tip 24 Feb 2016

Cybersecurity products: When is it time to change them?

Enterprises should assess their cybersecurity products to make sure they're as effective as possible. Expert Mike O. Villegas discusses how to evaluate cybersecurity tools. Continue Reading
Answer 01 Oct 2015

Should security funds be dedicated to hiring or tools?

Security funds can be tough to come by, so when managers get them should they focus on strengthening security through hiring or through purchasing tools? Continue Reading
Tip 26 Aug 2015

Managed security service providers: Weighing the pros and cons

Using a managed security service provider can be an appealing option to enterprises, but there are many factors to consider before making the move to outsourcing. Continue Reading
Tip 19 Jun 2015

State of the Network study: How security tasks are dominating IT staff

The majority of networking teams are regularly involved in enterprise security tasks. Expert Kevin Beaver explains the phenomena and how to embrace it. Continue Reading
Answer 06 May 2015

How should we hire for specialized information security roles?

A rise in specialized roles puts extra pressure on security hiring. Expert Mike O. Villegas explains how to meet this demand and find talented security professionals. Continue Reading
Answer 04 May 2015

The CEO refuses cybersecurity best practices: Now what?

Some executives don't think cybersecurity best practices apply to them. Expert Mike O. Villegas explains how to handle that situation. Continue Reading
Tip 19 Mar 2015

Is the CISO job description getting out of hand?

CISO roles and responsibilities are built on impossible standards and unrealistic expecations. Expert Joseph Granneman explains this trend and why enterprises need to reverse it. Continue Reading
Tip 02 Feb 2015

Getting to know the new GIAC certification: GCCC

The new GIAC certification, GCCC, is not a very specific certification, but it could prove useful in organizations. Expert Joseph Granneman explains why. Continue Reading
Tip 09 Jan 2015

How to increase the importance of information security in enterprises

Expert Mike Villegas explains how to use the Three C's to emphasize the importance of information security within an organization. Continue Reading
News 05 Oct 2011

Security innovation must hurdle academic, regulatory roadblocks

Regulators, lawmakers, academia share equal blame in putting the brakes on innovation in security, experts say Continue Reading
Answer 03 Feb 2010

Security report template: How to write an executive report

Writing a security report for executives doesn't have to be difficult or extensive, but security management expert Ernie Hayden describes how to make it comprehensive and clear. Continue Reading
News 30 Apr 2009

Information security skills must include communication, expert says

Future security professionals will need to have better communication skills to gain respect, according to an expert speaking at the Infosecurity Europe exhibition in London. Continue Reading
Feature 03 Jul 2008

Results Chain for Information Security and Assurance

Continue Reading
Feature 03 Jul 2008

Information Security Blueprint

Continue Reading
Tip 17 Jan 2008

Your physical security budget: Who pays and how much?

In many organizations, the cost of data center security is a shared expense -- or at least it should be. How much then should you be spending on security and how much of that should be picked up by other business units? Continue Reading