Management & Leadership



April 12, 2018 | Security Policies and Strategy
By Aaron Turner, IANS Faculty

 Set an Optimal Social Media Usage Policy

Like all things in infosec, social media usage policies must strive to balance security with business benefits. In this Ask-an-Expert written response, IANS Faculty Aaron Turner explains the pros and cons of strict vs. permissive social media policies and suggests the best path forward is to balance unfettered social media engagement with smart investments in SSL decryption and other monitoring solutions.



April 3, 2018 | Budgeting

 Winning the Battle of the Budget

Our Winning the Battle of the Budget research began with two goals: Determine key obstacles (or battlefronts) in enterprise security budgeting, and identify methods and best practices used by successful infosec leaders to grease the budget skids. What we discovered along the way is an uneven battlefield, a place where winning and losing is tied to infosec support across the organization. Regardless of size, maturity or corporate heft, the approach to security budgeting looks different in organizations that inherently value information security and those that do not.



March 12, 2018 | Risk Management
By Rich Guida, IANS Faculty

 Get Business Execs to Share Their Infosec Risk Concerns

Understanding what risks keep business execs up at night is the foundation of good information security, but how can you elicit this info and ensure execs remain engaged? In this Ask-an-Expert written response, IANS Faculty Rich Guida details a process that not only draws out executives' primary concerns but maps them to key infosec risks to gain better consensus - and funding.



January 24, 2018 | Security Policies and Strategy
By Rich Guida, IANS Faculty

 Create a Security Roadmap from Scratch

Creating a security roadmap that both keeps the organization secure and gets top management on board is no easy feat. In this Ask-an-Expert written response, IANS Faculty Rich Guida explains how the best plans address an organization's most critical risks while showing agility and improvement over time. 



January 17, 2018 | Recruiting, Hiring and Retention
By Josh More, IANS Faculty

 Perform Effective Background Checks at Scale

Screening potential U.S.-based employees is difficult enough, but scaling background checks across vendors and international employees is even more daunting. In this Ask-an-Expert written response, IANS Faculty Josh More details the various types of background checks available and common pitfalls to avoid when leveraging them. He also provides tips for expanding the program to encompass vendor employees and international workers, and a roadmap for automating the process over time.   



January 2, 2018 | Security Policies and Strategy
By Aaron Turner, IANS Faculty

 Create a Workable Acceptable Use Policy for Social Media

Creating strong, fair acceptable use policies governing employees' social media usage, especially in this era of BYOD and remote workforces, is fraught with thorny privacy, legal and other issues. In this Ask-an-Expert written response, IANS Faculty Aaron Turner details the importance of combining employee consent with a clear code of conduct.



December 19, 2017 | Risk Management
By Bruce Bonsall, IANS Faculty

 Get the C-Suite to Own Cyber Risk

The business owns all the business results and therefore owns all the risks, including those that fall under information security. But what's the best way to convince upper management of that? In this Ask-an-Expert written response, IANS Faculty Bruce Bonsall offers several proof points, including a long list of regulatory initiatives that explicitly hold top execs accountable for information security risk.



December 18, 2017 | Security Policies and Strategy

 CISO Impact Firmographic

Security teams of all industries and organization sizes have a pressing need for funding to keep their programs effective. The CISO Impact Firmographic is a benchmarking tool that allows you to compare your security budget and team size to organizations of similar sizes in your industry, and it is based on our research with more than 1,000 information security teams.



December 14, 2017 | Security Policies and Strategy
By Marcus Ranum, IANS Faculty

 Communicate Cybersecurity Vulnerabilities Effectively

Communicating cybersecurity vulnerabilities to customers can sometimes feel like more of an art than a science. In this Ask-an-Expert live interaction, IANS Faculty Marcus Ranum offers a clear blueprint for communicating effectively to ensure customers are protected and the organization does not face undue risk.



December 11, 2017 | Security Policies and Strategy
By Dave Shackleford, IANS Faculty

 Create a Practical, Scalable Cloud Policy

As organizations start moving quickly to the cloud, getting the right cloud governance structure in place becomes paramount. In this Ask-an-Expert written response, IANS Faculty Dave Shackleford provides key considerations, sample language and optimal processes for ensuring your cloud policies will be workable both today and over the long term.
