All Chief Information Security Officer articles
-
ArticleCarnival reaches $1.25M settlement over 2019 data breach
Carnival Cruise Line reached a $1.25 million settlement with 46 attorneys general stemming from its 2019 data breach that involved the personal information of 180,000 Carnival employees and customers nationwide.
-
Article
Colonial Pipeline names first chief information security officer
More than nine months after being targeted by a ransomware attack, Colonial Pipeline has named Adam Tice as its first chief information security officer.
-
Article
Chapter 4: Recovery and lessons learned post-ransomware attack
Whether fictional private utility company Vulnerable Electric pays the ransom or not in the aftermath of its cyber incident, the two pathways quickly splinter off in different directions with varied endings, each with important lessons to be learned.
-
Article
Chapter 3: Ransomware eradication prompts tough choice: To pay or not to pay?
No matter what, the deck is stacked against fictional private utility company Vulnerable Electric as it weighs whether to pay the $5 million ransom demanded by a cybercriminal who breached its systems. Which path do you take?
-
Article
Chapter 2, Part 2: Ransomware damage control and when to alert stakeholders
Systems at fictional private utility company Vulnerable Electric remain impacted in the aftermath of a ransomware attack, but the chief executive decides it’s time to be forthright with employees and customers.
-
Article
Chapter 2, Part 1: Containment key to ransomware defense
With Day 2 of fictional private utility company Vulnerable Electric’s ransomware crisis comes the need to grasp the extent of its situation. The cyber incident response team’s synchronized efforts are pivotal as time is of the essence.
-
Article
Chapter 1, Part 2: All hands on deck in C-suite ransomware response
Following the events that triggered a double extortion ransomware attack, the CEO of fictional private utility company Vulnerable Electric mobilizes her cyber incident response team to begin assessing the path forward to dealing with the cybercriminal(s).
-
Article
Internal audit’s role in cyber-security testing: Where to start
Nathan Anderson, senior director of internal audit at McDonald’s, discusses ways internal audit can better answer management questions about cyber-risks and become a more independent cyber-security testing function overall.
-
Article
NYDFS regulation a best-practices model for cyber-security training
Companies must make cyber-security a continuous priority as threats evolve, often more quickly than the technology and regulations to counter them. That’s why the New York Department of Financial Services, under Maria Vullo, developed a policy that should act as a model for organizations.
-
Article
Cyber-Risk Summit: Compliance should view cyber-security through prism of risk
What’s most important for compliance officers is to understand the risks breaches and hacks pose to their organizations, not the technical manner of how those breaches occur, according to an expert panel at CW’s virtual Cyber-Risk & Data Privacy Summit.
-
Article
Learning from SolarWinds: Five steps to fortify your cloud supply chain
For most companies, supply chain risk management traditionally focuses on managing physical third-party risks. But what the SolarWinds cyber-attack revealed is the catastrophic havoc fourth and fifth parties can also wreak in the often-ignored cloud supply chain.
-
Article
Best practices for M&A cyber-security due diligence in a virtual world
The slowdown in mergers and acquisitions in the early stages of the coronavirus pandemic in March is waning, and M&A activity is approaching pre-pandemic levels again, with cyber-security risk now the top concern.
-
Article
NIST seeks comment on ransomware, cyber-attack guidance
The National Institute of Standards and Technology is seeking input on a trio of draft guidance published in the past week. Two of the drafts address ransomware attacks, and the third addresses protecting against cyber-attacks in the supply chain.
