Risk
3/3/2014
09:30 AM
50%
50%

How To Fund Enterprise Cybersecurity: CISO Tips

How do you ensure funding for enterprise cybersecurity? Help C suite execs understand the true nature of cyberattacks.

How do you get corporate funding for cybersecurity when it's so challenging to measure and report ROI to your C suite and board of directors?

This was one of the many topics discussed by chief information security officers on several panel sessions we attended last week at the RSA Conference in San Francisco.

During a session entitled "Aligning Cyber Security Personnel & Processes," Greg Schaffer, CISO of Circumference Group and a former Fidelity Investments CSO, summed up the dilemma this way: "The fact that you haven't had an incident is not an indication that you are secure. The fact that you have had an incident is not an indication that you're less secure."

How do you find the right metrics to report to your business-side executives? We can draw some lessons from the process outlined by Gary Gagnon, senior VP, CSO, and corporate director of cybersecurity for Mitre Corp. His team provides a monthly executive-level metric report featuring seven or eight briefing charts. He explained these charts and the information they show.

Read the rest of this article on Enterprise Efficiency.

Susan Nunziata leads the site's content team and contributors to guide topics, direct strategies, and pursue new ideas, all in the interest of sharing practicable insights with our community.Nunziata was most recently Director of Editorial for EnterpriseEfficiency.com, a UBM ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3308
Published: 2015-09-02
Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution point.

CVE-2015-4330
Published: 2015-09-02
A local file script in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges for OS command execution via invalid parameters, aka Bug ID CSCuv10556.

CVE-2015-6274
Published: 2015-09-02
The IPv4 implementation on Cisco ASR 1000 devices with software 15.5(3)S allows remote attackers to cause a denial of service (ESP QFP CPU consumption) by triggering packet fragmentation and reassembly, aka Bug ID CSCuv71273.

CVE-2015-6277
Published: 2015-09-02
The ARP implementation in Cisco NX-OS on Nexus 1000V devices for VMware vSphere 5.2(1)SV3(1.4), Nexus 3000 devices 7.3(0)ZD(0.47), Nexus 4000 devices 4.1(2)E1, Nexus 9000 devices 7.3(0)ZD(0.61), and MDS 9000 devices 7.0(0)HSK(0.353) and SAN-OS NX-OS on MDS 9000 devices 7.0(0)HSK(0.353) allows remote...

CVE-2015-6587
Published: 2015-09-02
The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC.

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.