IT News - Security

As the chief information security officer role rises in importance, so do the expectations of hiring organizations. These are the key qualities and skills recruiters are asked to look for.

"Looking for your next position as a CISO, preferably one with more pay, better benefits, and more on-the-job responsibilities/respect?" asks James Careless in CSO Online. "Then you need to know what skills and qualities prospective employers are seeking now from their CISO hires to maximize your chances of getting your dream job. Here are the top six attributes recruiters say organizations are looking for in a CISO..."

When it comes to minimum password length, 14-character passwords are generally considered secure, but they may not be enough to keep your enterprise safe.

Sharon Shea and Randall Gamby write in SearchSecurity, "The password has long been the most widely used mechanism for user authentication, but it has also long been the bane of security's existence by causing numerous attacks, hacks and breaches. In fact, the 2019 Verizon Data Breach Investigations Report reported 80% of hacking-related breaches can be linked to stolen and reused credentials..."

When the Cybersecurity and Infrastructure Security Agency debuted its list of known, exploited vulnerabilities in November, it was nearly 300 flaws long and came attached to an order for federal agencies to fix them quickly.

Tim Starks writes in Cyberscoop, "Now, as of this week, the catalog known as 'KEV' or the 'Must-Patch' list is well on its way to 800 listings, and it's the 'No. 1 topic' that CISA Executive Director for Cybersecurity Eric Goldstein says comes up in his frequent, daily meetings with businesses.

The reason, said Goldstein, is that the private sector has - without any order from his agency - adopted the KEV list as a guide for the vulnerabilities they focus on, rather than relying on the traditional open-source industry standard Common Vulnerability Scoring System for assessing the severity of software weaknesses..."

As the use of technology increases in every aspect of our daily lives, the rate of cyber attacks also grows exponentially. In today's world, organisations need to be highly equipped in their defences against cyberattacks so that they may better protect their assets, and it is here that the defence in depth approach is adopted.

"What is a defence in depth strategy?" writes Harman Singh in Security Boulevard.

"Defence in depth is an approach in cybersecurity that relies on using a layered and redundant defensive mechanism to protect assets from cyber attacks. This is done so that if an attack occurs and security measures fail, or a vulnerability is exploited, there is a fail-safe or backup protection layer to stop further infiltration.

This model is similar to a medieval castle with solid defences. Just as a castle has strong walls, moats and a portcullis to keep out intruders, a cyber security infrastructure should use multiple layers of protection to keep data safe from hackers..."

Populated with point solutions that suck up investment and monopolise resources, the industry is fast falling out of love with the burgeoning cyber security stack.

"Verizon's Payment Security Report states that most organisations now have a multivendor environment of between 20 - 70 products for monitoring and detection," writes Andrew Lintell in Enterprise Times.

"Businesses are now actively looking to reduce these numbers.

Many realise that pouring their money into tools rather than solutions still leaves them vulnerable to attack. It's a sentiment echoed in a recent Twitter poll of UK and US security professionals. It found that a third of respondents thought they were 'throwing money at nothing'..."

Communication Is Key To CISO Success
DARKReading, June 6th, 2022
A panel of CISOs at the RSA Conference outlined what a successful first 90-day plan looks like, and it boiled down to effective communication and listening.

Becky Bracken writes in DARKReading, "A trio of high-powered CISOs talked about the first 90 days in their roles, and whether the aim was getting board of directors' buy-in or building rank-and-file credibility, they all said how they communicated was what mattered the most.

The RSAC panel included Allison Miller, Reddit's CISO and VP of Trust; Olivia Rose, Amplitude's CISO and VP of IT; and Caleb Sima, CISO for Robin Hood. Chenxi Wang, founder of the Rain Capital venture capital fund, moderated the discussion..."
