Latest Blogs

March 15, 2017 | Team Structure and Management
By Adam Ely, IANS Faculty

 Revamping the Security Organization

Every enterprise is different, as is the makeup of just about every security team. Are there any best practices for creating the ideal security organization? In this Ask-an-Expert live response, IANS Faculty Adam Ely offers some strategies for reworking the security organization to gain better alignment, agility and effectiveness.


January 27, 2017 | Team Structure and Management
By Stan Dolberg, IANS Faculty

 Where CISOs Report: A Snapshot

While most CISOs report to IT leadership today, this is not the ideal reporting relationship for managing information-security risk. In this Ask-an-Expert written response, IANS Chief Research Officer Stan Dolberg reviews data from IANS CISO Impact research, which demonstrates that an experienced CISO is positioned for maximum influence when reporting into an organization's senior management. 


January 11, 2017 | Team Structure and Management
By David Kolb, IANS Faculty

 Managing Difficult Infosec Conversations

Information security professionals sign up for some daunting challenges. Building a toolkit of “soft skills” alongside technical expertise can make the difference in meeting those challenges. In this report, IANS Faculty David Kolb offers strategies for managing difficult conversations, from crafting a well-prepared message to handling the response in an effective manner. 


January 6, 2017 | Team Structure and Management
By David Kolb, IANS Faculty

 Keeping CALM: Building the Business Relationships that Drive Infosec Success

CISOs and information security leaders are called upon to develop partnerships throughout their organizations in an effort to better align their objectives with those of the business. To do this, they need to understand how other leaders operate and determine how to best motivate them. In this webinar, professional development expert and IANS Faculty David C. Kolb, Ph.D. discussed his model for improving communication and facilitating leadership that drives effective partnerships, rather than simply transactional relationships.


November 18, 2016 | Team Structure and Management
By Dave Shackleford, IANS Faculty

 Security Operations Maturity Chart

For security organizations, understanding where you stand from a maturity perspective can offer valuable insight into which processes and procedures need to be improved. In this Ask-an-Expert written response, IANS Faculty Dave Shackleford charts benchmarks for certain aspects within information security, from event detection and incident management to metrics and data visualization.


October 6, 2016 | Security Policies and Strategy
By Michael Pinch, IANS Faculty

 5 Ways to Improve Security While Cutting Costs

Attacks and malware continually evolve, forcing organizations to react by implementing an ever-expanding tool set. Unfortunately, few budgets expand in kind. In this report, IANS Faculty Michael Pinch details five key ways to immediately improve your organization’s security posture, without breaking the budget.


September 23, 2016 | Recruiting, Hiring and Retention
By Adam Ely, IANS Faculty

 Building and Staffing a Winning Security Team

The fierce competition for skilled, experienced security practitioners has made the infosec talent shortage a top concern for security leaders. How do you assemble a world-class team in such a withering environment? In this webinar, IANS Faculty Adam Ely shares key hiring and retention strategies to help you out-recruit your competitors and keep the all-star players you need to win.


August 9, 2016 | Team Structure and Management
By Rich Guida, IANS Faculty

 Prioritizing Risk to Manage the Security Team’s Workload

When it comes to managing the workload of the security team (particularly if it only has a few members), prioritizing organizational risks is an important first step. In this Ask-an-Expert written response, IANS Faculty Rich Guida offers tips for developing a true risk register, compiling critical metrics and getting the various business units to own risks.


May 2, 2016 | Security Policies and Strategy
By Rich Guida, IANS Faculty

 Creating a Charter for a Security Strategy Committee

Creating a comprehensive charter for a security strategy committee can be a challenging process for organizations. In this Ask-an-Expert written response, IANS Faculty Rich Guida outlines the important aspects of such a charter, from determining which business units will be involved to devising a standard operating procedure that describes how the committee will ultimately operate.


April 27, 2016 | Recruiting, Hiring and Retention
By Adam Ely, IANS Faculty

 Where Is All the Talent?

Teams that are successful at hiring and retaining employees leverage a few key strategies that allow them to out-recruit, win and keep the talent they so urgently need. In this report, IANS Faculty Adam Ely details exactly what those strategies are and provides a blueprint for you to follow in their footsteps.


April 21, 2016 | Security Policies and Strategy
By Stan Dolberg, IANS Faculty

 CISO Impact: Lighting the Path to Leadership

Information security leaders promise to protect digital assets across space and time - but command few of the resources needed to deliver on that commitment. In this report, IANS uses its growing CISO Impact dataset to help CISOs pinpoint their current posture, highlight navigable terrain and prescribe specific actions, both technical and organizational, they can use to travel the path blazed by pioneering CISOs and their teams.


March 21, 2016 | Certifications and Training
By Chris Gonsalves, IANS Director of Technology Research

 Making Smart Security Conference Choices

Information security conferences can offer tremendous value, but how can you be sure you're attending the ones that will benefit your organization the most? In this Ask-an-Expert written response, IANS Director of Technology Research Chris Gonsalves offers recommendations for effectively game planning a conference and provides insight into a number of the top conferences in the infosec world.


March 10, 2016 | Security Policies and Strategy
By Davi Ottenheimer, IANS Faculty

 Ethical Dilemmas in Information Security

While IT security has long focused on protecting the brand, businesses now must also consider the moral and ethical responsibilities raised by handling large volumes of sensitive data about individual consumers. In this webinar, IANS Faculty Davi Ottenheimer explores the ethical dilemmas of mass data storage and discusses ways to employ internal privacy councils and other methods to ensure private data is being maintained, protected and used in appropriate ways.


February 24, 2016 | Team Structure and Management
By Adam Ely, IANS Faculty

 Integrating Security Into the Merger and Acquisition (M&A) Process

Many times, security considerations are just an expensive afterthought when it comes to closing a merger or acquisition. In this Ask-an-Expert live interaction, IANS Faculty Adam Ely offers strategies for inserting security into the M&A process up front, as well as for ensuring acquired entities are gathered into the fold securely and efficiently.


February 12, 2016 | Certifications and Training
By Chris Gonsalves, IANS Director of Technology Research

 Hot Takes: Using the Media to Boost Infosec Knowledge, Not Fear

The world is full of technology media outlets that promise the latest in IT security news, views and reviews. The trouble is, not all articles — even those from the biggest media brands — are created equal. How can you tell when you’re getting fact, FUD or marketing fluff? In this webinar, IANS Director of Technology Research Chris Gonsalves helps you weed out the nonsense and find sources that can inform your threat-modeling and defense activities.


February 1, 2016 | Security Policies and Strategy
By Michael Pinch, IANS Faculty

 Detailing the Latest Security Trends in Health Care, Financial Services

Threats have continued to evolve rapidly in the health care and financial services industries, leaving many organizations struggling to keep up. In this Ask-an-Expert written response, IANS Faculty Mike Pinch and Alex Hutton detail the current threat landscape for health care and financial services and offer some recommendations for security teams looking to mature their programs.


January 15, 2016 | Security Policies and Strategy
By Dave Shackleford, IANS Faculty

 Information Security Trends for 2016 (Webinar Replay/Slides)

Ashley Madison, CISA, a remote-controlled Jeep, ransomware, a massive breach at the U.S. Office of Personnel Management: 2015 was a challenging year for infosec. What hacks, holes and malware drops will surface in 2016? And what hot technologies are on the horizon to fight them? In this webinar, IANS Faculty Dave Shackleford and Adam Ely reveal major trends in store for IT security professionals in the coming year.


January 11, 2016 | Security Policies and Strategy
By Dave Shackleford, IANS Faculty

 Information Security Trends for 2016

2015 was a challenging year for infosec. What hacks, holes and malware drops will surface in 2016, and what hot technologies are on the horizon to fight them? In this report, IANS Lead Faculty Dave Shackleford reveals major trends in store for IT security professionals in the coming year.


November 17, 2015 | Security Policies and Strategy
By Bruce Bonsall, IANS Faculty

 Information Security Spend: Examining the Trends

It's budget-planning crunch time and many CISOs are looking to increase (or at least maintain) their organization's information-security spend in 2016. In this Ask-an-Expert written response, IANS Faculty Bruce Bonsall examines the latest studies on security's percentage of overall IT spend, and explains that one approach can be to consider the potential cost-per-compromised-record in the event of a breach.


October 29, 2015 | Security Policies and Strategy
By Dave Kennedy, IANS Faculty

 Maintaining Physical/Door Security in an Emergency

During an emergency, safety is always the primary concern, but how can organizations ensure their critical areas remain secure as well? In this Ask-an-Expert written response, IANS Faculty Dave Kennedy explains which areas should have fail-safe and fail-secure doors and explains the important role that security guards and camera systems can play in protecting sensitive locations.


October 16, 2015 | Security Policies and Strategy
By Mike Saurbaugh, IANS Faculty

 Rallying Organizational Support for Security Initiatives

Getting the attention of the board is an important step for CISOs and other information security leaders, but how do you then garner support (and a larger budget) for your department? In this Ask-an-Expert written response, IANS Faculty Mike Saurbaugh explains that CISOs need to create a common vision and ensure their message to the board (and others within the organization) is both business- and personal-oriented in order to increase recognition and support for security.


October 15, 2015 | Security Policies and Strategy
By Davi Ottenheimer, IANS Faculty

 Detailing Global Cybersecurity Policies

Understanding the often complex cybersecurity laws of various countries can be extremely challenging for security teams at global enterprises. In this Ask-an-Expert written response, IANS Faculty Davi Ottenheimer details the cybersecurity policies of a number of countries and emphasizes the important role that culture plays when it comes to cybersecurity policymaking around the globe.


September 22, 2015 | Security Policies and Strategy
By Bruce Bonsall, IANS Faculty

 Gaining Command of the Facts

To truly excel, CISO organizations must possess more than technical expertise. They must also excel at proactive organizational engagement, which IANS breaks down into The 7 Factors of CISO Impact. In this report, IANS Faculty Bruce Bonsall and CRO Stan Dolberg outline best practices in mastering Factor 1: Gain Command of the Facts.


September 16, 2015 | Security Policies and Strategy
By Dave Shackleford, IANS Faculty

 Mitigating Security Risks for Traveling Employees

When employees are traveling overseas, it can be a challenge for security teams to ensure data is being properly protected. In this Ask-an-Expert written response, IANS Faculty Dave Shackleford explains that company policies around encryption, authentication, acceptable use and anti-malware need to be updated for employees traveling to certain countries and lists a number of relevant threat information sites that should be regularly monitored.


September 10, 2015 | Security Policies and Strategy
By Mike Saurbaugh, IANS Faculty

 Security vs. IT: Who’s Responsible for What?

IT and information security are often linked together, but in reality, there is a clear distinction between the two groups. In this Ask-an-Expert written response, IANS Faculty Mike Saurbaugh details the key differences in responsibilities for IT and information security, noting, for example, that information security should take the lead on logging events and suspected incidents as part of IR. 


September 9, 2015 | Recruiting, Hiring and Retention
By Mike Saurbaugh, IANS Faculty

 Justifying Replacing a Consultant With an Employee (or Two)

When it comes to building a strong information security team, it's often about doing more with less. In this Ask-an-Expert written response, IANS Faculty Mike Saurbaugh makes a compelling case for choosing full-time, in-house employees over consultants, detailing the cost benefits as well as the day-to-day advantages, from improving succession planning to increasing project management skills on the team.


August 5, 2015 | Security Policies and Strategy
By Adam Ely, IANS Faculty

 Evaluating New Security Solutions and Identifying Gaps in Existing Technology

An abundance of new security technologies enter the market each year, but determining which solutions to invest in can be a challenge. In this Ask-an-Expert written response, IANS Faculty Adam Ely offers a process for identifying technology gaps and taking advantage of external resources to aid the investment decision making process.


June 25, 2015 | Security Policies and Strategy
By Mike Saurbaugh, IANS Faculty

 Making the Security Budget Count

Foster Talent: If there's any good news to come out of the recent spike in high-profile data breaches, it's that some corporate executives are beginning to add to their security budgets. In this report, IANS Faculty Mike Saurbaugh details best practices for getting the most out of these newly allocated resources, with a focus on adding talented staff.
