Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Be a More Effective CISO by Aligning Security to the Business
Newest First  |  Oldest First  |  Threaded View
Dr.T
Dr.T,
User Rank: Ninja
12/25/2017 | 8:35:24 PM
Understand the Business
I think understanding business is first critical step of securing the business. So the article is making a good point.
Dr.T
Dr.T,
User Rank: Ninja
12/25/2017 | 8:33:31 PM
Re: More Effective CISO
The guidance may be finessed however the CEO must set the policy. This makes sense. Sometime CEO may choose to have more open system than a lucked down environment
Dr.T
Dr.T,
User Rank: Ninja
12/25/2017 | 8:30:55 PM
Re: More Effective CISO
Security priorities are different depending on where you sit in the C-Suite. This is a very good point. Some CEO would not care about security unless company get hit.
Dr.T
Dr.T,
User Rank: Ninja
12/25/2017 | 8:28:39 PM
Re: More Effective CISO
The concept of being more business minded is good but misses the mark I may agree with this. Business and security may not be aligned fully.
Dr.T
Dr.T,
User Rank: Ninja
12/25/2017 | 8:27:01 PM
Security and business
Security and business may not be aligned fully, sometime customers go with features that compromise security.
swdswan
swdswan,
User Rank: Apprentice
12/21/2017 | 1:50:10 PM
More Effective CISO
The concept of being more business minded is good but misses the mark. Security priorities are different depending on where you sit in the C-Suite. The CEO should have a perspective that spans the organization. They know what is critical to running the organization and what is the most important. That direction needs to be provided to the CSO/CISO. The guidance may be finessed however the CEO must set the policy. 

David Swan

 


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-46826
PUBLISHED: 2022-12-08
In JetBrains IntelliJ IDEA before 2022.3 the built-in web server allowed an arbitrary file to be read by exploiting a path traversal vulnerability.
CVE-2022-46827
PUBLISHED: 2022-12-08
In JetBrains IntelliJ IDEA before 2022.3 an XXE attack leading to SSRF via requests to custom plugin repositories was possible.
CVE-2022-46828
PUBLISHED: 2022-12-08
In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible.
CVE-2022-46829
PUBLISHED: 2022-12-08
In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented.
CVE-2022-46830
PUBLISHED: 2022-12-08
In JetBrains TeamCity between 2022.10 and 2022.10.1 a custom STS endpoint allowed internal port scanning.