The need for a CISO goes away and morphs into the role of the Chief Information Risk Officer reporting to either a Chief Risk Officer or Chief Compliance Officer outside of IT. Security truly becomes embedded in this model and the costs are reduced through consolidation of efforts.
Yes, ladies and gentlemen, according to the Institute of Internal Auditors (IIA), "there is no such thing as 'IT Risk'". After closing a semester of teaching web application security, I wanted to share my observations and concerns regarding the understanding of "risk" among the next generation of security professionals.
I've been a bit too serious lately and it is almost time to wrap up 2008. So here is a new twist on the Twelve Days of Christmas.
Suggestions for new verses are welcome!
This is the arsonist-calling-in-the-fire syndrome demonstrated by many who believe themselves to be leaders using fires that should not burn in the first place to assume operational command.
Cyber Monday 2008 has arrived. You know, that Monday after Black Friday which comes the day after Thanksgiving. So why should Chief Security Officers (CSOs) care? Here's a primer for the rookie CSO.
This November, CSO held its Executive Seminar on Data Loss Prevention in New York City. Here is a recap of the event.
Recent news headlines are full of intriguing stories about real-life consequences to virtual actions at home and work. Virtual world travels, combined with Web 2.0 interactions, are merging with real-life behaviors at the office as never before. Security professionals had better take notice - now.
New position for former CSO of state Health and Human Services
What do you do when HR questions you on the value of security certifications?
National Cyber Security Awareness Month



