All CISO articles
-
News Brief
SolarWinds cries SEC ‘overreach’ in fraud lawsuit against company, CISO
SolarWinds will contest a lawsuit brought by the Securities and Exchange Commission against it and its chief information security officer alleging fraud and internal control failures related to the software company’s cyberattack reported in 2020.
-
Blog
Everest Re recruits CISO from FBI
Insurance provider Everest Re announced the appointment of Don Good as chief information security officer.
-
Article
Carnival reaches $1.25M settlement over 2019 data breach
Carnival Cruise Line reached a $1.25 million settlement with 46 attorneys general stemming from its 2019 data breach that involved the personal information of 180,000 Carnival employees and customers nationwide.
-
Article
Colonial Pipeline names first chief information security officer
More than nine months after being targeted by a ransomware attack, Colonial Pipeline has named Adam Tice as its first chief information security officer.
-
Premium
Chapter 4: Recovery and lessons learned post-ransomware attack
Whether fictional private utility company Vulnerable Electric pays the ransom or not in the aftermath of its cyber incident, the two pathways quickly splinter off in different directions with varied endings, each with important lessons to be learned.
-
Premium
Chapter 3: Ransomware eradication prompts tough choice: To pay or not to pay?
No matter what, the deck is stacked against fictional private utility company Vulnerable Electric as it weighs whether to pay the $5 million ransom demanded by a cybercriminal who breached its systems. Which path do you take?
-
Premium
Chapter 2, Part 2: Ransomware damage control and when to alert stakeholders
Systems at fictional private utility company Vulnerable Electric remain impacted in the aftermath of a ransomware attack, but the chief executive decides it’s time to be forthright with employees and customers.
-
Premium
Chapter 2, Part 1: Containment key to ransomware defense
With Day 2 of fictional private utility company Vulnerable Electric’s ransomware crisis comes the need to grasp the extent of its situation. The cyber incident response team’s synchronized efforts are pivotal as time is of the essence.
-
Premium
Chapter 1, Part 2: All hands on deck in C-suite ransomware response
Following the events that triggered a double extortion ransomware attack, the CEO of fictional private utility company Vulnerable Electric mobilizes her cyber incident response team to begin assessing the path forward to dealing with the cybercriminal(s).
-
Article
Internal audit’s role in cyber-security testing: Where to start
Nathan Anderson, senior director of internal audit at McDonald’s, discusses ways internal audit can better answer management questions about cyber-risks and become a more independent cyber-security testing function overall.
-
Article
Special report: Compliance, infosec & battling cyber threats
LifePoint Health’s VP for Compliance Program Operations/Chief Privacy Officer Ellen Hunt and VP/CISO Andy Heins share how they work ”hand in glove” to protect their company’s data from bad actors.
-
Article
NYDFS regulation a best-practices model for cyber-security training
Companies must make cyber-security a continuous priority as threats evolve, often more quickly than the technology and regulations to counter them. That’s why the New York Department of Financial Services, under Maria Vullo, developed a policy that should act as a model for organizations.
-
Article
Cyber-Risk Summit: Compliance should view cyber-security through prism of risk
What’s most important for compliance officers is to understand the risks breaches and hacks pose to their organizations, not the technical manner of how those breaches occur, according to an expert panel at CW’s virtual Cyber-Risk & Data Privacy Summit.
-
Article
Best practices for M&A cyber-security due diligence in a virtual world
The slowdown in mergers and acquisitions in the early stages of the coronavirus pandemic in March is waning, and M&A activity is approaching pre-pandemic levels again, with cyber-security risk now the top concern.
-
Article
NIST seeks comment on ransomware, cyber-attack guidance
The National Institute of Standards and Technology is seeking input on a trio of draft guidance published in the past week. Two of the drafts address ransomware attacks, and the third addresses protecting against cyber-attacks in the supply chain.