4 min
CISOs
How CISOs’ Roles – and Security Operations – Will Change in 2024
It’s fair to say that 2023 was a turning point for the cybersecurity industry,
and no one felt it more than the CISO. From the onslaught of ransomware and
zero-day attacks,
[http://8px6.517b2b.com/blog/post/2024/01/12/2023-ransomware-stats-a-look-back-to-plan-ahead/]
to the SEC’s new reporting rules
[http://8px6.517b2b.com/globalassets/_pdfs/policy/sec-cybersecurity-compliance-solution-brief.pdf]
, and added to technological innovation and sprawl, CISOs have never been under
more pressure to ge
3 min
CISOs
4 Questions for CISOs to Reduce Threat Exposure Risk
The report, 2024 Strategic Roadmap for Managing Threat Exposure, can help CISOs and other top executives steer away from risk by analyzing their attack surfaces for gaps.
2 min
Cloud Security
Be Empathetic and Hug Your CISO More!
In the rapidly evolving landscape of cloud computing, the adoption of multi-cloud environments has become a prevailing trend. Organizations increasingly turn to multiple cloud providers to harness diverse features, prevent vendor lock-in, and optimize costs.
1 min
InsightIDR
This CISO Isn’t Real, But His Problems Sure Are
The odds are stacked against this poor guy (and you) now – but a unified Extended Detection and Response (XDR) and SIEM restacks them in your favor.
3 min
CISOs
The Cybersecurity Skills Gap Is Widening: New Study
A new study reveals organizations are having serious trouble sourcing top-tier cybersecurity talent — despite their need to fill these roles growing more urgent by the day.
3 min
Threat Intel
The CISO as an Ethical Leader: Building Accountability Into Cybersecurity
It’s important that cybersecurity leaders reinforce ethical practices in guarding against data loss.
6 min
CISOs
Rapid7's 2021 ICER Takeaways: Vulnerability Disclosure Programs Among the Fortune 500
We rely on fantastically advanced technology in every aspect of our modern lives. Of course, anyone who has spent any time analyzing these technologies will notice that we are routinely bedeviled with vulnerabilities, especially when it comes to the internet.
8 min
ICER Reports
Rapid7's 2021 ICER Takeaways: High-Risk Services Among the Fortune 500
Certain services are considered high-risk on the public internet. We conducted research to see how well Fortune 500 companies are performing in this area.
3 min
CISOs
How ViacomCBS Digital delivers uninterrupted content streaming to millions of fans without compromising security: Lessons for enterprise CISOs
Each day, ViacomCBS Digital sees a growing surge in digital content demand—from MTV and Comedy Central to CBS Sports, rushing across its Paramount+ (formerly CBS All Access) streaming platform.
4 min
ICER Reports
Rapid7's 2021 ICER Takeaways: Web Security Among the Fortune 500
There are very few security measures that should be applied to all web applications across the board without further subdividing what specific type of application we are referring to. However, there are a couple that we will examine here.
7 min
CISOs
Security Budget Tips, from CISOs, for CISOs
CISO Series: Budgeting
I have provided a brief overview of the genesis of the CISO series
[/2015/10/27/introducing-the-ciso-blog-series], and now it is time to tackle our
first topic: security budgets. Whether you're the CISO of a large public company
or leading security at an early-stage startup, rich in headcount or forced to be
tight with the purse strings, reporting into the CIO, COO, or elsewhere in the
organization, the fact remains that budget conversations are among the most
critical and
10 min
CISOs
Push vs Pull Security
I woke up from a dream this morning. Maybe you can help me figure out what it
means.
Your company hired me to build a security program. They had in mind a number of
typical things. Build a secure software development lifecycle so app developers
didn't code up XSS vulnerabilities. Improve network security with new firewalls,
and rolling out IDS sensors. Set up training so people would be less likely to
get phished. Implement a compliance program like NIST or ISO. And you wanted all
of that rolle
6 min
CISOs
CISOs: Do you have enough locks on your doors?
In a previous blog post
[/2015/07/09/ciso-in-residence-series-shocked-but-not-surprised], I referenced
some research on how people plan for, or rather how they fail to plan for,
natural disasters like floods. At the end of the blog post I mentioned that
people who have poor mental models about disasters fail to prepare fully. I keep
coming back to the idea of mental models because it starts to explain why we
have such a gap between security practitioners and senior executives.
I asked one CISO
1 min
CISOs
Top 3 Takeaways from "CyberSecurity Awareness Panel: Taking it to the C-Level and Beyond"
Hi, I'm Meredith Tufts. I recently joined Rapid7 and if you were on the live
Oct. 30th's webcast, “CyberSecurity Awareness Panel: Taking to the C-Level and
Beyond” – I was your moderator. It's nice to be here on SecurityStreet, and this
week I'm here to provide you with the Top 3 Takeaways from our CyberSecurity
Awareness month webcast where we were joined by a panel of experts:
Brian Betterton - Director, Security, Risk and Compliance at Reit Management &
Research
Trey Ford - Global Security