Management & Leadership

January 24, 2018 | Security Policies and Strategy
By Rich Guida, IANS Faculty

 Create a Security Roadmap from Scratch

Creating a security roadmap that both keeps the organization secure and gets top management on board is no easy feat. In this Ask-an-Expert written response, IANS Faculty Rich Guida explains how the best plans address an organization's most critical risks while showing agility and improvement over time. 

January 17, 2018 | Recruiting, Hiring and Retention
By Josh More, IANS Faculty

 Perform Effective Background Checks at Scale

Screening potential U.S.-based employees is difficult enough, but scaling background checks across vendors and international employees is even more daunting. In this Ask-an-Expert written response, IANS Faculty Josh More details the various types of background checks available and common pitfalls to avoid when leveraging them. He also provides tips for expanding the program to encompass vendor employees and international workers, and a roadmap for automating the process over time.   

January 2, 2018 | Security Policies and Strategy
By Aaron Turner, IANS Faculty

 Create a Workable Acceptable Use Policy for Social Media

Creating strong, fair acceptable use policies governing employees' social media usage, especially in this era of BYOD and remote workforces, is fraught with thorny privacy, legal and other issues. In this Ask-an-Expert written response, IANS Faculty Aaron Turner details the importance of combining employee consent with a clear code of conduct.

December 19, 2017 | Risk Management
By Bruce Bonsall, IANS Faculty

 Get the C-Suite to Own Cyber Risk

The business owns all the business results and therefore owns all the risks, including those that fall under information security. But what's the best way to convince upper management of that? In this Ask-an-Expert written response, IANS Faculty Bruce Bonsall offers several proof points, including a long list of regulatory initiatives that explicitly hold top execs accountable for information security risk.

December 18, 2017 | Security Policies and Strategy

 CISO Impact Firmographic

Security teams of all industries and organization sizes have a pressing need for funding to keep their programs effective. The CISO Impact Firmographic is a benchmarking tool that allows you to compare your security budget and team size to organizations of similar sizes in your industry, and it is based on our research with more than 1,000 information security teams.

December 14, 2017 | Security Policies and Strategy
By Marcus Ranum, IANS Faculty

 Communicate Cybersecurity Vulnerabilities Effectively

Communicating cybersecurity vulnerabilities to customers can sometimes feel like more of an art than a science. In this Ask-an-Expert live interaction, IANS Faculty Marcus Ranum offers a clear blueprint for communicating effectively to ensure customers are protected and the organization does not face undue risk.

December 11, 2017 | Security Policies and Strategy
By Dave Shackleford, IANS Faculty

 Create a Practical, Scalable Cloud Policy

As organizations start moving quickly to the cloud, getting the right cloud governance structure in place becomes paramount. In this Ask-an-Expert written response, IANS Faculty Dave Shackleford provides key considerations, sample language and optimal processes for ensuring your cloud policies will be workable both today and over the long term.

December 6, 2017 | Security Policies and Strategy

 M&A Security Checklist

The M&A Security Checklist is designed to be a guide to help information security professionals understand the M&A process end-to-end, identify the best places to inject security into the process and determine to-do list items that must be addressed within the deal lifecycle. 

November 14, 2017 | Recruiting, Hiring and Retention
By David Kolb, IANS Faculty

 Handling Chaos: Thriving When Policy and Business Priorities Clash

Information security professionals must be able to thrive in a turbulent environment where corporate policy, goals and priorities don’t always align across departments. In this webinar, IANS Faculty David Kolb discusses how to put multiple conflicting forces in perspective and better manage diverse demands by putting big ideas such as emotional intelligence, political intelligence and organizational intelligence into practice.

October 31, 2017 | Security Policies and Strategy

 Comprehensive Security Policy Generator

One of the best ways to construct a set of comprehensive information security policies is to start with the control categories laid out in ISO 27001 Annex A (also known as ISO 27002), and then describe what infosec policies apply to each of the controls. This document does just that, giving organizations the power to measure their current policies against this framework or develop new ones that align with the full scope of the ISO 27002 controls. 
