Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Be a More Effective CISO by Aligning Security to the Business
Oldest First  |  Newest First  |  Threaded View
swdswan
swdswan,
User Rank: Apprentice
12/21/2017 | 1:50:10 PM
More Effective CISO
The concept of being more business minded is good but misses the mark. Security priorities are different depending on where you sit in the C-Suite. The CEO should have a perspective that spans the organization. They know what is critical to running the organization and what is the most important. That direction needs to be provided to the CSO/CISO. The guidance may be finessed however the CEO must set the policy. 

David Swan

 
Dr.T
Dr.T,
User Rank: Ninja
12/25/2017 | 8:27:01 PM
Security and business
Security and business may not be aligned fully, sometime customers go with features that compromise security.
Dr.T
Dr.T,
User Rank: Ninja
12/25/2017 | 8:28:39 PM
Re: More Effective CISO
The concept of being more business minded is good but misses the mark I may agree with this. Business and security may not be aligned fully.
Dr.T
Dr.T,
User Rank: Ninja
12/25/2017 | 8:30:55 PM
Re: More Effective CISO
Security priorities are different depending on where you sit in the C-Suite. This is a very good point. Some CEO would not care about security unless company get hit.
Dr.T
Dr.T,
User Rank: Ninja
12/25/2017 | 8:33:31 PM
Re: More Effective CISO
The guidance may be finessed however the CEO must set the policy. This makes sense. Sometime CEO may choose to have more open system than a lucked down environment
Dr.T
Dr.T,
User Rank: Ninja
12/25/2017 | 8:35:24 PM
Understand the Business
I think understanding business is first critical step of securing the business. So the article is making a good point.


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Developing and Testing an Effective Breach Response Plan
Whether or not a data breach is a disaster for the organization depends on the security team's response and that is based on how the team developed a breach response plan beforehand and if it was thoroughly tested. Inside this report, experts share how to: -understand the technical environment, -determine what types of incidents would trigger the plan, -know which stakeholders need to be notified and how to do so, -develop steps to contain the breach, collect evidence, and initiate recovery.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-33187
PUBLISHED: 2022-12-09
Brocade SANnav before v2.2.1 logs usernames and encoded passwords in debug-enabled logs. The vulnerability could allow an attacker with admin privilege to read sensitive information.
CVE-2022-38765
PUBLISHED: 2022-12-09
Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter.
CVE-2022-41947
PUBLISHED: 2022-12-08
DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated use...
CVE-2022-41948
PUBLISHED: 2022-12-08
DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Affected versions are subject to a privilege escalation vulnerability. A DHIS2 user with authority to manage users can assign superuser privileges to themself by manually crafting an HT...
CVE-2022-23469
PUBLISHED: 2022-12-08
Traefik is an open source HTTP reverse proxy and load balancer. Versions prior to 2.9.6 are subject to a potential vulnerability in Traefik displaying the Authorization header in its debug logs. In certain cases, if the log level is set to DEBUG, credentials provided using the Authorization header a...