All Chief Information Security Officer articles
- News Brief: N.Y. hospitals face stiff cybersecurity requirements under proposed rules
  New York hospitals would be required to have a cybersecurity program that includes regular cyber risk assessments under newly proposed regulations.
- News Brief: SolarWinds cries SEC ‘overreach’ in fraud lawsuit against company, CISO
  SolarWinds will contest a lawsuit brought by the Securities and Exchange Commission against it and its chief information security officer alleging fraud and internal control failures related to the software company’s cyberattack reported in 2020.
- Blog: Five Star Bank promotes tech services director to CISO
  Financial Institutions, the parent company of Five Star Bank, announced the promotion of Senior Vice President and Technology Services Director Scott Bader to senior vice president and chief information security officer.
- Blog: Everest Re recruits CISO from FBI
  Insurance provider Everest Re announced the appointment of Don Good as chief information security officer.
- Blog: Lacework recruits CISO from Twitter
  Cloud security company Lacework announced the appointment of Lea Kissner as chief information security officer.
- Article: Carnival reaches $1.25M settlement over 2019 data breach
  Carnival Cruise Line reached a $1.25 million settlement with 46 attorneys general stemming from its 2019 data breach that involved the personal information of 180,000 Carnival employees and customers nationwide.
- Article: Colonial Pipeline names first chief information security officer
  More than nine months after being targeted by a ransomware attack, Colonial Pipeline has named Adam Tice as its first chief information security officer.
- Premium: Chapter 4: Recovery and lessons learned post-ransomware attack
  Whether fictional private utility company Vulnerable Electric pays the ransom or not in the aftermath of its cyber incident, the two pathways quickly splinter off in different directions with varied endings, each with important lessons to be learned.
- Premium: Chapter 3: Ransomware eradication prompts tough choice: To pay or not to pay?
  No matter what, the deck is stacked against fictional private utility company Vulnerable Electric as it weighs whether to pay the $5 million ransom demanded by a cybercriminal who breached its systems. Which path do you take?
- Premium: Chapter 2, Part 2: Ransomware damage control and when to alert stakeholders
  Systems at fictional private utility company Vulnerable Electric remain impacted in the aftermath of a ransomware attack, but the chief executive decides it’s time to be forthright with employees and customers.
- Premium: Chapter 2, Part 1: Containment key to ransomware defense
  With Day 2 of fictional private utility company Vulnerable Electric’s ransomware crisis comes the need to grasp the extent of its situation. The cyber incident response team’s synchronized efforts are pivotal as time is of the essence.
- Premium: Chapter 1, Part 2: All hands on deck in C-suite ransomware response
  Following the events that triggered a double extortion ransomware attack, the CEO of fictional private utility company Vulnerable Electric mobilizes her cyber incident response team to begin assessing the path forward to dealing with the cybercriminal(s).
- Article: Internal audit’s role in cyber-security testing: Where to start
  Nathan Anderson, senior director of internal audit at McDonald’s, discusses ways internal audit can better answer management questions about cyber-risks and become a more independent cyber-security testing function overall.
- Article: NYDFS regulation a best-practices model for cyber-security training
  Companies must make cyber-security a continuous priority as threats evolve, often more quickly than the technology and regulations to counter them. That’s why the New York Department of Financial Services, under Maria Vullo, developed a policy that should act as a model for organizations.
- Article: Cyber-Risk Summit: Compliance should view cyber-security through prism of risk
  What’s most important for compliance officers is to understand the risks breaches and hacks pose to their organizations, not the technical manner of how those breaches occur, according to an expert panel at CW’s virtual Cyber-Risk & Data Privacy Summit.
- Article: Learning from SolarWinds: Five steps to fortify your cloud supply chain
  For most companies, supply chain risk management traditionally focuses on managing physical third-party risks. But what the SolarWinds cyber-attack revealed is the catastrophic havoc fourth and fifth parties can also wreak in the often-ignored cloud supply chain.
- Article: Best practices for M&A cyber-security due diligence in a virtual world
  The slowdown in mergers and acquisitions in the early stages of the coronavirus pandemic in March is waning, and M&A activity is approaching pre-pandemic levels again, with cyber-security risk now the top concern.
- Article: NIST seeks comment on ransomware, cyber-attack guidance
  The National Institute of Standards and Technology is seeking input on a trio of draft guidance published in the past week. Two of the drafts address ransomware attacks, and the third addresses protecting against cyber-attacks in the supply chain.
 
             
 
            

