A model CISOs can use to measure and report the level of assurance being delivered by their technical security products and controls as part of a robust cyber defense.
Unlike earthquakes and lightning strikes, for which unimpeachable data exists, information security trends suffer from underreporting, environmental factors and subjectivity that call into question any sort
One of the great joys of being a leader in a large company is watching protégés achieve their career objectives, sometimes eclipsing the mentor in the
... or "Erick Hates Sports Analogies" In my Security Culture Manifesto, I hypothesized about a weak-at-best correlation between an organization's security spend and its desired
As the CISO's job has morphed from gatekeeper (no breaches!) to crisis manager (no outrageous breaches!), the questions boards and C*Os have learned to ask
Preparing for a Board of Directors meeting is one of the more intellectually stimulating aspects of a CISO's work. It's an entirely different conversation than the