Information security program management
CISOs and information security programs are vital to protecting enterprises against today's cyber threats. In this resource centers, get the latest news and advice about CISO practices, infosec prrogram management and more.
Top Stories
-
Tip
08 Apr 2025
Ransomware payments: Considerations before paying
To pay or not to pay -- that's the question after a ransomware attack. Law enforcement recommends against it, but that doesn't stop some companies from paying up. Continue Reading
-
Tip
07 Jan 2025
Enterprise cybersecurity hygiene checklist for 2025
Enterprise cybersecurity hygiene must be a shared responsibility between employees and employers. Learn how both can get the job done with this checklist. Continue Reading
-
Tip
26 Jan 2017
When not to renew a vendor contract due to security issues
Opting out of a vendor contract for security reasons can be a tough decision for CISOs. Expert Mike O. Villegas discusses how NASA handled the situation and what CISOs can do. Continue Reading
-
Feature
01 Nov 2016
Want a board-level cybersecurity expert? They're hard to find
Members of the board must be ready to defend their fiduciary decisions, corporate policies, compliance actions and, soon, cybersecurity preparedness. Continue Reading
-
Answer
19 Sep 2016
Are new cybersecurity products the best investment for enterprises?
Having the latest cybersecurity products isn't always the best way to approach security. Expert Mike O. Villegas explains why and how to deal with pressure to buy new. Continue Reading
-
Answer
04 Apr 2016
What are the differences between active boards and passive boards?
Both active and passive boards of directors have different approaches to handling cybersecurity within their organizations. Here's how to tell which type you have. Continue Reading
-
Feature
18 Mar 2016
Designing and Building Security Operations center
In this excerpt of Designing and Building Security Operations Center, author David Nathans reviews the infrastructure needed to support a SOC and maintain SOC security. Continue Reading
-
Tip
24 Feb 2016
Cybersecurity products: When is it time to change them?
Enterprises should assess their cybersecurity products to make sure they're as effective as possible. Expert Mike O. Villegas discusses how to evaluate cybersecurity tools. Continue Reading
-
Answer
01 Oct 2015
Should security funds be dedicated to hiring or tools?
Security funds can be tough to come by, so when managers get them should they focus on strengthening security through hiring or through purchasing tools? Continue Reading
-
Tip
26 Aug 2015
Managed security service providers: Weighing the pros and cons
Using a managed security service provider can be an appealing option to enterprises, but there are many factors to consider before making the move to outsourcing. Continue Reading
-
Tip
19 Jun 2015
State of the Network study: How security tasks are dominating IT staff
The majority of networking teams are regularly involved in enterprise security tasks. Expert Kevin Beaver explains the phenomena and how to embrace it. Continue Reading
-
Answer
06 May 2015
How should we hire for specialized information security roles?
A rise in specialized roles puts extra pressure on security hiring. Expert Mike O. Villegas explains how to meet this demand and find talented security professionals. Continue Reading
-
Answer
04 May 2015
The CEO refuses cybersecurity best practices: Now what?
Some executives don't think cybersecurity best practices apply to them. Expert Mike O. Villegas explains how to handle that situation. Continue Reading
-
Tip
19 Mar 2015
Is the CISO job description getting out of hand?
CISO roles and responsibilities are built on impossible standards and unrealistic expecations. Expert Joseph Granneman explains this trend and why enterprises need to reverse it. Continue Reading
-
Tip
02 Feb 2015
Getting to know the new GIAC certification: GCCC
The new GIAC certification, GCCC, is not a very specific certification, but it could prove useful in organizations. Expert Joseph Granneman explains why. Continue Reading
-
Tip
09 Jan 2015
How to increase the importance of information security in enterprises
Expert Mike Villegas explains how to use the Three C's to emphasize the importance of information security within an organization. Continue Reading
-
News
05 Oct 2011
Security innovation must hurdle academic, regulatory roadblocks
Regulators, lawmakers, academia share equal blame in putting the brakes on innovation in security, experts say Continue Reading
-
Answer
03 Feb 2010
Security report template: How to write an executive report
Writing a security report for executives doesn't have to be difficult or extensive, but security management expert Ernie Hayden describes how to make it comprehensive and clear. Continue Reading
- Feature 03 Jul 2008
- Feature 03 Jul 2008
-
Definition
09 May 2008
anti-money laundering software (AML)
Anti-laundering software is a type of computer program used by financial institutions to analyze customer data and detect suspicious transactions... (Continued) Continue Reading
-
Tip
17 Jan 2008
Your physical security budget: Who pays and how much?
In many organizations, the cost of data center security is a shared expense -- or at least it should be. How much then should you be spending on security and how much of that should be picked up by other business units? Continue Reading
