Boards of directors continue to overlook IT risk management, security and privacy as a top agenda item, says Jody Westby of Carnegie Mellon CyLab. Where are the organizational gaps that need to be filled?
Whether intentional or not, software features have the potential to leak sensitive information, corrupt data or reduce system availability. The National Institute of Standards and Technology's latest guidance aims to help organizations minimize vulnerabilities.
At a time when information security sees record growth - in every sector, there are more open positions than professionals to fill them - ISMG's new Job Board offers new resources to job seekers and employers alike.
Programs from Carnegie Mellon and the University of Maryland come at a time when organizations not only can't find enough IT security professionals to hire to meet their needs, but often lack the leadership to oversee IT security initiatives.
"If I came into this job thinking the way I once thought, I'd be worthless," RSA Chief Information Security Officer Eddie Schwartz says. "If your playbook as CISO has not changed in the last seven years ... you're in deep trouble."
Acquiring information security wares gets more complicated every day - some 1,000 vendors offer 150 categories of products - so it's unreasonable to expect even the most informed chief information security officers to know everything about them.