To obtain a global snapshot of security leaders’ strategies and approaches, the IBM Center for Applied Insights conducted double-blind interviews with 138 security leaders – the IT and line-of-business executives responsible for information security in their enterprises. Some of these leaders carried the title of Chief Information Security Officer (CISO), but given the diversity of organizational structures, many did not. The Center supplemented this quantitative research through in-depth conversations with 25 information security leaders.
Participation spanned a broad range of industries and seven different countries. Nearly 20 percent of the respondents lead information security in enterprises with more than 10,000 employees; 55 percent are in enterprises with 1,000 to 9,999 employees.
The results of this year’s Internal Audit Capabilities and Needs Survey show that, not surprisingly, cybersecurity represents a major focus for internal audit programs, but it is far from the only pressing issue on internal audit’s plate.
In January-February 2016, the EIU surveyed 1,100 senior executives on data security practices within their firms. The survey’s primary objective was to analyse the differences, if any, between the C-suite and senior IT executives on data security.
The survey sample was recruited from companies with between $500 million and $10 billion in revenues, and is equally representative of the Americas, Asia-Pacific and European regions. The panel came from 20 industries, with no single industry accounting for more than 14% of the total.
This was a survey of senior executives. The C-suite segment, sometimes referred to herein as senior management or corporate leadership, consisted exclusively of C-suite executives (e.g. CEOs, CFOs, COOs). The security segment, sometimes referred to herein as the security executives, consisted of the CIO and those who identified themselves as Chief Data Officers or Chief Information Security Officers (CISOs).
Each panel was asked an identical set of 20 questions, and the results have been reviewed for insight and commentary by a panel of independent experts.
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
As businesses continue to adopt new cloud and mobile functionality rapidly, we find the edges of the network even more blurred, and our definitions of data ownership and breach responsibility continue to evolve. Staffing and training continue to be the foremost challenge of the modern SOC. This is paving the way to hybrid staffing models and hybrid infrastructures that require less in-house expertise. As a result, highly skilled security team members can then be utilized for a more specialized hunt and analytics-focused work.
There is no question this year has been both an exciting and challenging time to be in the field of cyber security. On one hand, it is disheartening to see the continued decline in the maturity and effectiveness of security operations, while, on the other, I know that we are in the middle of an exciting and transformative change in our field. You can feel it. We must go where the data leads us, and we believe that is to widen our definition of security operations to leverage analytics, data science, Big Data, and shared intelligence to become more effective in protecting today’s digital enterprise.
This global study, conducted by the Economist Intelligence Unit (EIU) and sponsored by Palo Alto Networks, sheds light on the ways business leaders are dealing with the increasing volume of threats they face from insecurities that arise because of disruption beyond their corporate borders.
For in-depth interviews from industry leaders on how companies are combating security threats, go to https://goo.gl/fXcnLN
Cyber-criminals are assaulting every part of the enterprise. But not all cyber-attacks are created equal. In the minds of senior executives, the greatest danger of cyber-attacks is damage to the reputation of the firm with its customers.
Digital has increased businesses’ cybersecurity risk – and yet few have elevated security to a senior leadership concern, according to our recent research. Here’s what businesses are thinking about cybersecurity, and a framework for strengthening their security strategies.
Developing Metrics for Information Security Governance | digitallibrary
Information security has become a critical issue within organizations, and a key success factor for businesses. To effectively maintain the integrity and security of an organization's information infrastructure effective security metrics and measures must be developed, implemented and monitored. Learn about enterprise security metrics and the concepts that must be considered when developing, implementing, and monitoring them. Understand how to identify measurable points and activities, develop meaningful metrics and measures and monitor concepts. Case studies and scenarios demonstrate operational scenarios for the benefits and challenges of securing information.
Russell Reynolds Associates study on cybersecurity that explores the importance of the relationship between the Chief Information Security Officer and the Board of Directors.
For Corporate Boards, a Cyber Security Top 10 | David X Martin
Corporate boards of directors have a fiduciary duty to understand and oversee cyber security. For most effective oversight, boards should approach cyber security from a good management-practices perspective rather than a technical perspective.
RSA Security Brief: Taking Charge of Security in a Hyperconnected World | EMC
The new RSA Security Brief highlights that basic security lapses still contribute to most security incidents. The report identifies top areas for improvement and provides practical guidance on measures that deliver the greatest impact on organizations' ability to respond to cyber attacks and data breaches.
About RSA Security Brief:
RSA Security Briefs provide security leaders and risk management executives with essential guidance on today's most pressing information security threats and opportunities. Each Brief is created by a select team of experts who connect experiences across organizations to share specialized knowledge on a critical security topic. Offering both big-picture insight and practical technology guidance, RSA Security Briefs are vital reading for today's forward-thinking security and risk management practitioners.
White paper cyber risk appetite defining and understanding risk in the moder... | balejandre
Managing risk is a balancing act for organizations of all sizes and disciplines. While some organizations take on too much risk, others arguably do not take on enough. Complicating this equation is the emergence of cyber as one of the most impactful sources of risk in the modern enterprise.
Assessing and Managing IT Security Risks | Chris Ross
Data privacy and protection has become the gold standard in IT. Scale Venture Partners and Wisegate share what they learned from over 100 IT professionals questioned about the risks and technology trends driving their security programs. Read about the move towards data centric security and the need for improvement in automated security controls and metrics reporting.
Ibm Smart Business Overview Jimmy Mills | Jimmy Mills
IBM has been talking about our vision for a smarter planet for close to a year now - and working with thousands of clients - with great success and traction taking hold. Every industry is experiencing the benefits, and feeling the challenges, being presented by a smarter planet that is more instrumented, interconnected and intelligent.
An example is cloud computing: The economics driving cloud computing is not new technologies. Rather, it is the combination of existing technologies with a focus on the end user. Virtualization drives higher utilization, which lowers capital and operating expenses. Standardization also reduces capital and labor costs, while automation enhances the user experience and automates many manual tasks to reduce errors and reduce the costs associated with managing an environment.
IBM Managed File Transfer Portfolio - IBMImpact 2014 | Leif Davidsen
The data held in files can represent some of the most valuable assets that a business has. If this data is trapped in a file in a remote system then it loses value. IBM has recently updated its portfolio of Managed File Transfer offerings, simplifying choice for the business user and offering better value for money, while extending the access to this valuable data. Hear about different managed file transfer use cases and suggested solutions.
New information strategy, Advanced Case Management (IBM Information Management) | IBM Danmark
Read more about the strategy behind IBM’s newly launched Advanced Case Management solution, and learn how it can create concrete business opportunities for your company.
Read more here: bit.ly/softwaredagim1
This presentation was shared on PAS Digital Marketing Conference "Dig-It 2.0"
Presentation: Brand Planning Roadmap for Digital Success
Session name: Integrated Digital Brand Planning
Speaker: Salman Abedin, Consultant & Masters Programme, Media Sciences, SZABIST.
QRadar & XGS: Stopping Attacks with a Click of the Mouse | IBM Security
View on-demand: https://securityintelligence.com/events/qradar-xgs-stopping-attacks-click-mouse/
As the tactics and techniques behind attacks continue to advance and evolve, organizations need a faster way to identify and prevent those attacks in real time. An integrated approach to security can make this a reality, especially when integrations are designed to proactively disrupt the lifecycle of advanced attacks through shared security intelligence and enabling organizations to take immediate action based on that intelligence.
In this session you will learn how IBM QRadar Security Intelligence Platform and IBM Security Network Protection (XGS), a next-generation IPS, work together to disrupt the attack chain and improve network security.
Join IBM Security product expert Craig Knapik as he shares how the QRadar and XGS integration enriches overall security intelligence and improves threat detection, while enabling security professionals to block threats immediately with a simple click of the mouse.
Building a Next-Generation Security Operation Center Based on IBM QRadar and ... | IBM Security
Learn about Sogeti’s journey of creating a new Security Operation Center, and how and why we leveraged QRadar solutions. We explore the full program lifecycle, from strategic choices to technical analysis and benchmarking on the product. We explain how QRadar accelerates the go-to-market of the SOC, and how we embed IBM Security Intelligence offerings in our solution. Having a strong collaboration between different IBM stakeholders such as Software Group, Global Technology Services, as well as the Labs, was key to client satisfaction and operational effectiveness. We also show the value of integrating new QRadar features in our SOC roadmap, in order to constantly stay ahead in the cyber security game.
This presentation outlines the Sales Territory Planning process I have developed and refined over 20 years of Enterprise Sales experience across Asia Pacific.
This is the product and services portfolio of IBM Security, which is one pillar of the IBM CAMSS strategy. Products in the portfolio are still moving during early 2015 due to IBM's re-portfolio. However, they will be categorized in 2 major parts.
1) IBM Security Products : all security software and appliance
2) IBM Security Services : all security services, including Cloud security.
The State of Sales & Marketing at the 50 Fastest-Growing B2B Companies | Mattermark
There’s a lot of information out there for sales and marketing professionals. In fact, as our friend Erik Devaney at Drift.com points out, a quick search of the term “sales and marketing advice” yields more than 90 million results on Google.
What’s more, there are tons of industry influencers who, on a regular basis, share their views on everything from content marketing and sales, to pricing and customer success. It’s a noisy conversation, and for many, a confusing one.
So, how do you make sense of it all?
By focusing on the sales and marketing efforts that actually produce results, not flash-in-the-pan engagement. But finding those results is a little challenging. That’s why we decided to put together our latest report with Drift.com, The State of Sales and Marketing at the 50 Fastest-Growing B2B Companies.
Using Mattermark data, we were able to identify the fifty high-growth companies in the U.S. and evaluate their marketing activities to understand which practices really moved the needle. In order to make the qualitative portion of our research more tangible, we evaluated each company on the list in light of how they approached content, customer communication, path to purchase, and pricing.
What we and the team at Drift.com discovered was surprising, to say the least.
Russell Reynolds Associates addresses five cybersecurity leadership questions that Boards of Directors and executives should ask themselves. These questions cover various aspects, from the Board's level of preparedness to talent management for protecting the business in a comprehensive way.
To better understand how organizations manage the planning and securing of their digital assets, McAfee, Inc. retained Evalueserve to conduct an independent assessment of how organizations manage their security policies and processes, and what threats are perceived to pose the greatest risk to their business. This global study of Enterprise-class organizations highlights how IT decision makers view the challenges of securing information assets in a highly regulated and increasingly complex global business environment. It is also forward-looking, revealing companies’ IT security priorities around processes, practices and technology for 2012 and beyond.
Who is responsible for security in the enterprise? Every company takes a different approach, but in many cases, accountability and authority do not reside in the same role. When this happens, it’s hard to tell who is responsible for securing digital assets. No wonder executives are worried.
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full... | Accenture Technology
Business theft and fraud have morphed into significant new threats as companies battle well-funded, highly motivated digital adversaries. Cyber defense rules have clearly changed.
Executive leaders must recognize how exposed their organizations are today and take steps to establish a holistic, end-to-end security strategy capable of protecting their most valuable assets and business operations.
Information Security assessment of companies in Germany, Austria and Switzerland, February 2015.
Every day, critical security incidents show the drastic extent of "successful" cyber attacks for organizations in terms of monetary and material loss. With increasing use of digital technologies and the growing spread of mobile and IoT, cyber security is becoming a key factor for companies’ successful digital transformation. To analyze current challenges, trends and maturity of companies’ state of information security, Capgemini Consulting DACH conducted a survey in Germany, Austria and Switzerland. The 2014 Information Security Benchmarking Study shows that information security is insufficiently embedded in most companies’ business strategy and operations to effectively safeguard organizations against current cyber threats.
https://www.de.capgemini-consulting.com/resources/information-security-benchmarking
Priming your digital immune system: Cybersecurity in the cognitive era | Luke Farrell
Learn how cognitive security may be a powerful tool in addressing challenges security professionals face.
New capabilities for a challenging era
Security leaders are working to address three gaps in their current capabilities — in intelligence, speed and accuracy. Some organizations are beginning to explore the potential of cognitive security solutions to address these gaps and get ahead of their risks and threats. There are high expectations for this technology. Fifty-seven percent of the security leaders we surveyed believe that it can significantly slow the efforts of cybercriminals. The 22 percent of respondents who we call “Primed” have started their journey into the cognitive era of cybersecurity — they believe they have the familiarity, the maturity and the resources they need. To begin the journey, it is important to explore your weaknesses, determine how you want to augment your capabilities with cognitive solutions and think about building education and investment plans for your stakeholders.
Under cyber attack: EY's Global information security survey 2013 | EY
Under cyber-attack, EY's 16th annual Global Information Security Survey 2013 tracks the level of awareness and action by companies in response to cyber threats and canvasses the opinion of over 1,900 senior executives globally. This year’s results show that as companies continue to invest heavily to protect themselves against cyber-attacks, the number of security breaches is on the rise and it is no longer a question of if, but when, a company will be the target of an attack.
For further information, visit: http://www.ey.com/GL/en/Services/Advisory/Cyber-security
Cyber-security is the number one technology issue in the C-suite and Board Room. No wonder that many senior executives are asking what they can be doing to stem the tide of cyber-attacks on their firms.
1. How often do you see non-sanctioned cloud services in use?
2. Are we protecting ourselves against insider threats?
3. Do we have a cyber security task force in place?
4. Is our BYOD policy secure?
5. Do you feel limited by your security budget or staff size?
Security has risen to the top of the agenda amongst most C-suite executives and boards of directors today. Rapidly evolving security threats pose an ongoing, central challenge, as companies and governments face an increasingly sophisticated threat environment.
Accenture collaborated with the Ponemon Institute, LLC to explore the success factors of companies that demonstrated measurable improvement in security effectiveness over a period of two years. Find out how leapfrog organizations are improving their security posture and more quickly detecting security threats.
Automation: Embracing the Future of SecOps | IBM Security
Join Mike Rothman, Analyst & President of Securosis and Ted Julian, VP of Product Management and co-founder of IBM Resilient, for a webinar on common automation use cases for the Security Operations Center (SOC).
Security Orchestration, Automation and Response (SOAR) tools are garnering interest in enterprise security teams due to tangible short-term benefits.
Watch the recording: https://event.on24.com/wcc/r/2007717/385A881A097E8EFCE493981972303416?partnerref=LI
Leaders & Laggards: The Latest Findings from the Ponemon Institute’s Study on... | IBM Security
The fourth annual Ponemon report on The Cyber Resilient Organization in 2019, sponsored by IBM Security, focuses on the key trends that make an organization cyber resilient and how cyber resilience has changed since the first report launched in 2015.
Hosted by Larry Ponemon of the Ponemon Institute and Maria Battaglia, IBM Security, these two industry experts answer the questions, what has improved in the cyber security space over the past 4 years? What do organizations still struggle with? And which groups are improving and how?
This webinar will take you through the barriers of becoming cyber resilient and dive into report topics such as implementing automation, aligning privacy and cyber security, and what it takes to become a cyber resilient “High Performer” in 2019.
Listen to the on-demand webinar at: https://event.on24.com/wcc/r/1975828/97089502D02EFD9478B85676EB67266C?partnerref=FM1
Bridging the Gap between Privacy and Security: Using Technology to Manage Com... | IBM Security
Data breach and Cybersecurity incident reporting regulations are becoming more widespread. The introduction of GDPR in May 2018, with its 72-hour reporting requirement, resulted in organizations having to review their incident response processes and more regional and industry-specific regulations are being introduced all the time. Security Operations and Privacy teams need to be aligned to meet these new requirements. Technology such as Security Orchestration and Automation is also being adopted to collaborate on the investigation and remediation of security incidents.
This webinar, hosted by Privacy experts from Ovum and IBM, will look at how technology can close the gap between Privacy and Security to reduce the time to contain incidents and maintain compliance with complex breach laws.
View the recording: https://event.on24.com/wcc/r/1930112/BE462033358FFF36C4B27F76C9755753?partnerref=LI
Integrated Response with v32 of IBM Resilient | IBM Security
Email integration is an important tool in the IR process. Email ingestion allows alerts to be consumed from external tools that do not have available APIs. Email-driven phishing attacks are also one of the most common investigations for most security teams. A key capability of v32 of the Resilient platform is a complete overhaul of the email connector. This updated email capability, now integrated into the core Resilient platform, simplifies the ability of IR teams to capture email-borne malware or phishing attacks and generate incidents and artifacts.
View the corresponding webinar to learn how the new features in the v32 release can help improve your integrated response to attacks and how native email integration can be leveraged as part of workflows and playbooks. You'll also learn what to expect with the updated look and feel of the Resilient platform and significant updates to the Privacy Module to support global regulations.
View the recording: https://ibm.biz/Bd2Yvt
The Resilient End-of-Year Review: The Top Cyber Security Trends in 2018 and P... | IBM Security
In IBM Resilient’s sixth-annual year-in-review and predictions webinar, our all-star panel of security experts will discuss and debate the stories that defined the industry in 2018 and offer their predictions for what to expect in 2019.
Leveraging Validated and Community Apps to Build a Versatile and Orchestrated... | IBM Security
IBM Resilient customers are building versatile, adaptable incident response playbooks and workflows with expanded functions and community applications – recently released on the IBM Security App Exchange.
With the new IBM Resilient community, you can collaborate with fellow security experts on today’s top security challenges, share incident response best practices, and gain insights into the newest integrations.
Accelerating SOC Transformation with IBM Resilient and Carbon Black | IBM Security
Security Operation Centers (SOCs) today are complex environments. They often have too many separate tools, uncoordinated analysts in the response process, and confusion around alert prioritization. Because of this, SOCs consistently struggle responding to the most urgent incidents.
The integration between IBM Resilient and Carbon Black helps SOCs overcome these challenges. IBM Resilient’s Intelligent Orchestration combined with Carbon Black Response provides a single view for all relevant response data and streamlines the entire security process. This makes it simpler for analysts to quickly and efficiently remediate cyberattacks.
Join experts Chris Berninger, Business Development Engineer, Carbon Black, and Hugh Pyle, Product Manager, IBM Resilient, for this webinar, to learn:
- How the IBM Resilient-Carbon Black integration works within your SOC to accelerate incident response improvement
- Strategies to implement Intelligent Orchestration and automation into your incident response process
- Actions that can be taken today for maximizing the effectiveness of your SOC
How to Build a Faster, Laser-Sharp SOC with Intelligent Orchestration | IBM Security
To keep pace with cyberattacks, organizations have long sought ways to operationalize security and respond faster to threats. But with increasingly complex IT environments and a growing skills shortage, doing so is easier said than done.
That’s where Intelligent Orchestration can help. Intelligent Orchestration integrates your existing security tools and guides SOC analysts through a fast and laser-focused response by combining case management, human and cyber intelligence, and incident response orchestration and automation.
Are You Ready to Move Your IAM to the Cloud? | IBM Security
Many companies are considering moving their current identity and access management (IAM) implementations to the cloud, or they are looking at the cloud for their new IAM use cases. This might be driven by the threat of attacks via identities, increasing compliance mandates, expanding needs of end users for frictionless data access or improving the total cost of ownership.
View this presentation and watch the corresponding webinar to help you determine whether your organization is ready to move to IDaaS.
Orchestrate Your Security Defenses to Optimize the Impact of Threat Intelligence | IBM Security
Although the majority of organizations subscribe to threat intelligence feeds to enhance their security decision making, it's difficult to take full advantage of true insights due to the overwhelming amounts of information available. Even with an integrated security operations portfolio to identify and respond to threats, many companies don't take full advantage of the benefits of external context that threat intelligence brings to identify true indicators of compromise. By taking advantage of both machine- and human-generated indicators within a collaborative threat intelligence platform, security analysts can streamline investigations and speed the time to action.
Join this webinar to hear from the IBM Security Chief Technology Officer for Threat Intelligence to learn:
How the IBM Security Operations and Response architecture can help you identify and response to threats faster
Why threat intelligence is a fundamental component of security investigations
How to seamlessly integrate threat intelligence into existing security solutions for immediate action
Your Mainframe Environment is a Treasure Trove: Is Your Sensitive Data Protec...IBM Security
Businesses and governments alike are experiencing an alarming rate of malicious activity from both external and internal actors.
Not surprisingly, mission-critical mainframe applications make for desirable targets with large repositories of enterprise customer sensitive data. Mainframe environments are increasingly at risk opening accesses through the internet, mobile initiatives, big data initiatives, social initiatives, and more to drive the business forward. Additionally, there are some security challenges that are specific to the mainframe - traditional protection methods are no longer enough, insider threats are also on the rise, mainframe environments could be more vulnerable with reliance on privilege users to administer security, silo-ed mainframe IT management, limited ownership visibility, and lack of uniformed security management across the enterprise.
View this on-demand webcast to learn more about specific mainframe data protection challenges, top tips for protecting sensitive data, and key data protection capabilities that you should consider to address these challenges.
Register here for the playback: https://event.on24.com/wcc/r/1461947/D9664CC82EC641AA58D35462DB703470
Meet the New IBM i2 QRadar Offense Investigator App and Start Threat Hunting ...IBM Security
When your cyber security is under attack, knowing who is behind your threats and what their motives are can help you ensure those threats don't become a reality. But cyber threat actors conduct their threats through a variety of means and for a variety of reasons. That's why it is critical to analyze a variety of data sources and proactively hunt those threats that are lying in wait. This webinar will illustrate how the IBM i2 QRadar Offense Investigator app enables analysts to push event data from QRadar directly into IBM i2 Analyst's Notebook, where users can apply a variety of visual analysis techniques across a disparate data sources, to build a more comprehensive understand of those threats and hunt them.
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost ...IBM Security
Understand the impact of today's security breaches by attending our June 26th webinar which will discuss the 2017 Ponemon Cost of a Data Breach study.
Join Ponemon Institute and IBM Security Services on June 26th for a webinar discussing the impact of today’s security breaches based on the latest release of the 2017 Cost of Data Breach Study.
Register for IBM Security Services Webinar highlighting Ponemon Institute 2017 Cost of Data Breach Study The 12th annual Cost of Data Breach Study conducted by Ponemon Institute and sponsored by IBM Security Services calculates the real costs, implications and probabilities of security breaches faced by global organizations.
This webinar will present global findings highlighting trends across 11 countries and 2 regions. Attendees will have access to industry experts for live Q/A and will walk away with key insights, cost reducing strategies, investments and proactive best practices to reduce impact to their businesses in preparation for the next breach.
Join IBM Security Services and Larry Ponemon, founder of the Ponemon Institute, as he walks through the results and methodology of the 2017 Cost of Data Breach Study.
WannaCry Ransomware Attack: What to Do NowIBM Security
View on-demand webinar: http://bit.ly/2qoNQ8v
What you need to know and how to protect against the WannaCry Ransomware Attack, the largest coordinated cyberattack of its kind. WannaCry has already crippled critical infrastructure and multiple hospitals and telecommunications organizations, infecting 100s of thousands of endpoints in over 100 countries. In this on-demand webinar, we discuss the anatomy of this unprecedented attack and IBM Researchers share expert insights into what you can do now to protect your organization from this attack and the next one.
How to Improve Threat Detection & Simplify Security OperationsIBM Security
Over 74% of global enterprise security professionals rate improving security monitoring as a top priority. Monitoring must be done efficiently within a security operations center (SOC) to combat increased threats and a limited supply of trained security analysts.
While the vendor landscape for security solutions is rapidly evolving, many early point solutions and first generation SIEMs are not keeping pace with the changing needs of security operations. A new class of platforms has emerged that combine advanced analytics and flexible deployment options. Join this exclusive webinar featuring Forrester Research to learn:
Characteristics of modern security platforms that have evolved from point solutions and basic SIEMs
Criteria to consider when evaluating vendors and solutions
The advantages of an integrated security platform that incorporates cognitive capabilities and augmented intelligence
Organizations are supporting more devices than ever and unified endpoint management is growing rapidly. More than half of organizations will adopt this approach by 2020.
This infographic demonstrates the impact of mobility, Internet of Things (IoT), and artificial intelligence on the future of business transformation.
To learn more, read the complete Forrester report, "Mobile Vision 2020" at https://ibm.co/2pxhisB.
Retail Mobility, Productivity and SecurityIBM Security
Displaying key findings from the Mobility Trends in the Retail Sector research report prepared by Enterprise Strategy Group (ESG) and IBM, this infographic affords valuable context to retail organizations in planning a better tomorrow.
IBM X-Force Incident Response and Intelligence Services (X-Force IRIS) can help you cross the incident response chasm, build a holistic program and better prepare you to deal with and thwart the security challenges your organization faces.
To learn more, read the white paper on best practices for improving your incident response processes: http://ibm.co/2lLdC2k.
Insights from the IBM Chief Information Security Officer Assessment
1. IBM Center for Applied Insights
Finding a strategic voice
Insights from the 2012 IBM Chief Information Security Officer Assessment
About the study
To obtain a global snapshot of security leaders’ strategies and approaches, the IBM Center for Applied Insights conducted double-blind interviews with 138 security leaders – the IT and line-of-business executives responsible for information security in their enterprises. Some of these leaders carried the title of Chief Information Security Officer (CISO), but given the diversity of organizational structures, many did not. The Center supplemented this quantitative research through in-depth conversations with 25 information security leaders.
Participation spanned a broad range of industries and seven different countries. Nearly 20 percent of the respondents lead information security in enterprises with more than 10,000 employees; 55 percent are in enterprises with 1,000 to 9,999 employees.
This study–along with other security and risk management resources for CIOs and CISOs–is available from ibm.com/smarter/cai/security.
With explosive growth in connectivity and collaboration, information security is becoming increasingly complex and difficult to manage. Yet, some security organizations are rising to the challenge. Our research reveals a distinct pattern of progression–and distinguishing traits of those that are most confident and capable. These forward-thinkers are taking a more proactive, integrated and strategic approach to security, highlighting models worth emulating and the emerging business leadership role of the Chief Information Security Officer (CISO).
In today’s hyper-connected world, information security is expanding beyond its technical silo into a strategic, enterprisewide priority. It takes only a glance at news headlines to see why. In 2011, the corporate world experienced the second-highest data loss total since 2004.¹
Security leaders are navigating a period of significant change. IT is no longer confined to the back office or even the enterprise. Entire value chains, from suppliers to customers, are electronically connected and collaborating as never before. Devices and ways of accessing information are proliferating. The number of mobile workers is expected to reach 1.3 billion by 2015. At the same time, mobile security threats are increasing–up almost 20 percent in 2011.² It all adds up to much greater vulnerability.
While many organizations remain in crisis response mode, some have moved beyond a reactive stance and are taking steps to reduce future risk. They see themselves as more mature in their security-related capabilities and better prepared to meet new threats. What have these enterprises done to create greater confidence? More importantly, can their actions show the way forward for others?
“Security leaders are becoming more closely integrated into the business – and more independent of information technology.”
– Senior VP of IT, Energy and Utilities³
The changing security landscape: What we learned
Charged with protecting some of the enterprise’s most valuable assets–money, customer data, intellectual property and even its brand–security leaders are under intense pressure. Our study findings point to major shifts in attitudes and clear recognition of the strategic importance of information security:
• Business leaders are increasingly concerned with security issues. Nearly two-thirds of security leaders say their senior executives are paying more attention to security today than they were two years ago, due in large part to media attention.
• Budgets are expected to increase. Two-thirds of security leaders expect spending on information security to rise over the next two years. Of those, almost 90 percent anticipate double-digit growth. One in ten expects increases of 50 percent or more.
• Attention is shifting toward risk management. In two years, security leaders expect to be spending more of their time on reduction of potential future risk, and less on mitigation of current threats and management of regulatory and compliance issues.
• External threats are the primary security challenge. Drawing far more attention than internal threats, technology introduction or regulatory compliance, outside threats top the list of security concerns.
• Mobile security is a major focus. Given increasingly mobile workforces and the high rate of wireless device adoption, more than half of security leaders say mobile security will be their major technology challenge over the next two years.
Across the board, we saw general agreement on the heightened importance of information security. And most companies report having a centralized security function. However, looking deeper–at the actions, plans and strategies of security leaders–we found great disparity in how organizations are actually implementing “centralized” security.
“Security leaders are more accountable to the business now. Their audience is expanding.”
– CIO, Insurance
How prepared are organizations…really?
When security leaders rank themselves on their organizations’ maturity and their ability to handle or avoid a breach, three types of organizations emerge, as shown in Figure 1:
• Influencers–This group’s members, 25 percent of those surveyed, see their security organizations as progressive, ranking themselves highly in both maturity and preparedness. These security leaders have business influence and authority–a strategic voice in the enterprise.
• Protectors–Comprising almost half of our sample, these security leaders recognize the importance of information security as a strategic priority. However, they lack important measurement insight and the necessary budget authority to fully transform their enterprises’ security approach.
• Responders–This group remains largely in response mode, working to protect the enterprise and comply with regulations and standards but struggling to make strategic headway. They may not yet have the resources or business influence to drive significant change.
Knowing that some companies are very confident while others see gaps raises an important question. What are Influencers doing differently?
Figure 1: Only one-quarter of security leaders believe their organizations are mature and have high confidence in their ability to avoid or contain a breach.
[Chart: Self-assessment of maturity and preparedness. Axes: security organization maturity (low to high) and breach preparedness (low to high). Groups: Influencers 25%, Protectors 47%, Responders 28%. Legend: one symbol = 5 respondents.]
Figure 2: Influencers are much more likely to have elevated information security to a strategic priority.
Security profiles (values listed as Responders / Protectors / Influencers)
Structure and management
• Dedicated CISO: 26% / 42% / 56%
• Security/risk committee: 26% / 52% / 68%
• Budget line item: 27% / 45% / 71%
• Budget authority:
  Responders: CIO (30%), IT VP/Director/Manager (24%), CFO (18%)
  Protectors: CIO (32%), CFO (20%), CEO (20%)
  Influencers: CIO (26%), CEO (26%), CISO (13%)
Organizational reach
• Increased leadership attention: 50% / 68% / 77%
• Regular board topic: 22% / 58% / 60%
• Primary focus over next two years:
  Responders: New security technology (46%), Updating business processes (36%)
  Protectors: Employee education (53%), New security technology (42%)
  Influencers: Employee education (59%), Communications/collaboration (24%)
Measurement
• Standardized metrics: 26% / 43% / 59%
What makes Influencers stand out
Interestingly, these three security segments are not skewed toward certain demographics. The mix of industries, geographies and enterprise sizes is generally consistent across all groups. The key differences are found in their information security profiles–their structure, scope and accountability.
Through an analysis of security leaders’ responses, we discovered a distinct pattern of evolution among security organizations (see Figure 2)–and the distinguishing traits of those that are most advanced.
“Information security leaders will have a much larger say in the matter; influence and decision-making power within the company will grow.”
– IT Division Head, Media and Entertainment
Structure and management
Because their senior management teams recognize the need for a coordinated approach, organizations in the Influencer group are more likely to appoint a CISO–a dedicated leader with a strategic, enterprisewide purview. Influencers also tend to have a security steering committee headed by a senior executive, often the CISO. The committee’s main charter is to evaluate security issues holistically and develop an integrated enterprise strategy. It is responsible for systemic changes that span functions, including legal, business operations, finance, human resources and more.
The vast majority of Influencers benefit from a dedicated security budget line item supporting their efforts. Across the full sample, CIOs typically control the information security budget. However, among Protector and Influencer organizations, investment authority lies with business leaders more often. In fact, Influencers say CEOs are just as likely as CIOs to be steering their information security budgets.
Among Responders, CISOs and steering committees are less common, which suggests their approach to security is more tactical and fragmented. The lack of a dedicated budget line item may force their security organizations to constantly negotiate for funding or limit the scope of initiatives to specific functions or silos.
A CISO perspective: Wider view, broader role
By Paul Connelly
Vice President and Chief Information Security Officer, Hospital Corporation of America
The security leader role is changing because of several key dynamics. The value and volume of information are increasing for many companies, threats to that information are becoming more sophisticated and relentless, and the impacts of security breakdowns are becoming more costly. And among business leaders, customers and the public at large, expectations for the protection of information are higher than ever.
As a result, security leaders have to focus on innovative and highly efficient ways to protect company data, and take a wider view of information protection that extends beyond just security measures. The priority of–and spending on–information protection needs to be a business decision, which may drive change in traditional reporting structures within IT. Alignment with risk management and privacy, disaster recovery and business continuity planning, and physical security offers a clear advantage. It can potentially eliminate overlap, create synergies and drive company efficiencies in information protection–enabling the security leader to become a broader information risk-management player.
Organizational reach
The Influencers have the attention of business leaders and their boards. Security is not an ad hoc topic, but rather a regular part of business discussions and, increasingly, the culture. These leaders understand the need for more pervasive risk awareness–and are far more focused on enterprisewide education, collaboration and communication (see Figure 3). They are working closely with business functions to create a culture in which employees take a more proactive role in protecting the enterprise. Because they are more integrated with the business, these security organizations are also able to influence the design of new products and services, incorporating security considerations early in the process.
Responders are more tactically oriented. They are concentrating on foundational building blocks: incorporating new security technology to close security gaps, redesigning business processes and hiring new staff. While technology and business processes are still important to Influencers, they are in the mode of continuously innovating and improving rather than establishing basic capabilities.
Across all three groups, mobile security is the top technical challenge, dominating the agendas of Responders (60 percent) and Protectors (63 percent). Among Influencers, however, mobile security is part of an end-to-end strategy. These Influencers are focused not only on securing mobile access (33 percent), but also protecting cloud (30 percent) and database storage (30 percent).
Figure 3: With foundational security technology and practices in place, Influencers are turning their attention to people and building a risk-aware culture.
[Chart: Differences in focus over the next two years, comparing Responders and Influencers across three areas: improving enterprisewide communication and collaboration; incorporating new technology to close current gaps; providing education and driving awareness. Bar labels: 2x more, 2x more, 4x more.]
“Security leaders are going to become more key to their organizations, their budgets will increase and they will move from the fringe to being embedded.”
– Line-of-business Director, Banking
Measurement
Influencers are twice as likely as Responders to track their progress. Given their intent to build a more risk-aware culture, these organizations measure user awareness and educational programs more than Protectors and Responders do (see Figure 4). And because they are concerned with broader, more systemic risks, Influencers are also more likely to assess their ability to deal with future threats and the integration of new technologies. Generally speaking, Influencers are not only gaining the attention of business leaders and working collaboratively across the enterprise; they are also being held responsible and accountable for what they do through formal measurements.
“In general, the role of information security will be moving away from specific risks to global risks. The role will be much larger than it used to be.”
– Finance Director, Insurance
Figure 4: Influencers are more likely to measure progress through a wider variety of metrics and devote more attention to systemic change than the other groups.
[Chart: Importance of metrics, rated from low to high for Responders, Protectors and Influencers. Metrics shown: Compliance; Risk and ability to deal with future threats; Vulnerability; Education and awareness; Speed of recovery from incidents; Day-to-day security operations; Attacks identified and thwarted; Cost; New technology and innovation efforts.]
The case for security leadership
Despite constant threats and a growing range of risks,
some organizations are more confident and capable. Their
approaches highlight the importance of a broader charter for
the security function–and a more strategic role for informa-
tion security leaders. Yet, adopting this more holistic strategy
involves significant change.
Security leaders must assume a business leadership position
and dispel the idea that information security is a technology
support function. Their purview must encompass education
and cultural change, not just security technology and processes.
Leaders will need to reorient their security organizations
around proactive risk management rather than crisis response
and compliance. And the management of information security
must migrate from discrete and fragmented initiatives to an
integrated, systemic approach. Security has to be designed to
protect the entire enterprise, not just pieces of it.
To accomplish these objectives, security leaders should
construct an action plan based on their current capabilities
and most pressing needs. They will also need to gain the
support of the entire C-suite to drive enterprisewide change.
Responders can move beyond their tactical focus by:
• Establishing a dedicated security leadership role
(like a CISO), assembling a security and risk committee,
and measuring progress
• Automating routine security processes to devote more
time and resources to security innovation
Protectors can make security more of a strategic priority by:
• Investing more of their budgets in reducing future risks
• Aligning information security initiatives to broader
enterprise priorities
• Learning from and collaborating with a network of
security peers
A CISO perspective: Why measures matter
By John Meakin
Global Head of Security Solutions & Architecture, Deutsche Bank
Given the dynamic nature of the challenge, measuring
the state of security within an organization is increasingly
important. Since threats are always moving and solutions
are more complex, dynamic and often partial, knowing
where you are is essential. Leading indicators could include
a variety of measures from the number of applications
that have had specific security requirements defined and
tested prior to going live to the speed and completeness
of correcting known vulnerabilities.
As people access information from a wider variety of
locations and devices, protecting it becomes more difficult.
Organizations may need to track servers and end-points
that store higher classifications of information.
Although metrics can be a challenge to define and capture,
that should not deter organizations from implementing
them. Measurement may be imprecise at first but will
improve over time–and the process itself can drive valuable
insight.
Influencers can continue to innovate and advance their
security approaches by:
• Strengthening communication, education and business
leadership skills to cultivate a more risk-aware culture
• Using insights from metrics and data analysis to identify
high-value improvement areas
The integrated approach, strategic reach and measurement
systems of Influencers point to a new kind of security organization
and a new breed of leader. These forward-thinking security
leaders can make steady progress because they have authority,
accountability and impact. By following their example, those
who are not as far along can begin to find their strategic voice.
For more information
Visit the IBM Center for Applied Insights information
security website (ibm.com/smarter/cai/security) for additional
insights, including perspectives from IBM’s security leaders.
In addition, you can collaborate with peers from around the
world as part of the IBM Institute for Advanced Security
(instituteforadvancedsecurity.com).
About the authors
David Jarvis is a Senior Consultant at the IBM Center for
Applied Insights where he specializes in fact-based research
on emerging business and technology topics. In addition
to his research responsibilities, David teaches on business
foresight and creative problem solving. He can be reached
at djarvis@us.ibm.com.
Marc van Zadelhoff is the Vice President of Strategy for IBM
Security Systems. In this role, he is responsible for overall
offering management, budget and positioning for IBM’s global
security software and services portfolio. He can be reached at
marc.vanzadelhoff@us.ibm.com.
Jack Danahy is the Director for Advanced Security for
IBM Security Systems. He is a national speaker and writer
on computer network and data security and a distinguished
fellow at the Ponemon Institute. In addition, Jack is a frequent
contributor to industry and governmental security groups
in the areas of data privacy, cybersecurity, cyberthreats
and critical infrastructure protection. He can be reached at
jack.danahy@us.ibm.com.
Contributors
IBM Center for Applied Insights
Angie Casey, Steve Rogers, Kevin Thompson
IBM Market Development & Insights
Subrata Chatterjee, Doron Shiloach, Jill Wynn
Office of the IBM CIO
Sandy Hawke, Kris Lovejoy
IBM Security Systems
Tim Appleby, Tom Turner
About the IBM Center for Applied Insights
The IBM Center for Applied Insights (ibm.com/smarter/cai/value)
introduces new ways of thinking, working and leading.
Through evidence-based research, the Center arms leaders
with pragmatic guidance and the case for change.