El Diario del CISO (The CISO Journal) Volume 7, 2018 | Page 4

Influencers

Dottie Schindlinger, VP/Governance Technology Evangelist
Five Questions on Board-Level Cybersecurity Considerations

ISACA Now: How do board directors and executive leaders go about ensuring hackers don’t consider their organizations to be low-hanging fruit?

Board members and executive leaders of organizations are ultimately responsible for ensuring the long-term health of their organizations – and this responsibility extends to mitigating cyber risk. That doesn’t mean they have to be deeply involved in the day-to-day operations of cybersecurity programs, but they can’t be complacent. The simplest thing directors can do to mitigate cyber risk is to ask questions and hold themselves to a higher standard. First, boards should ensure their organizations are providing the right set of tools to ensure the board’s communications are kept secure – for example, moving away from email in favor of a more holistic “Enterprise Governance Management” solution.

The complete article is here

George Campbell, Emeritus Faculty, Security Executive Council
Is it Time for a Corporate Security Maturity Assessment?

Over the past few years, the Security Executive Council (SEC) has been examining a variety of applications to assist in the implementation of operational excellence (OpEx) in security program management. Below, we address the potential benefits of creating a Capability Maturity Model (CMM) as an enabling process in OpEx. As an OpEx enabler, business process maturity assessments have been around for a number of years in support of process transformation efforts. As tools, they are useful models because they seek to provide straightforward results that are simple to understand and direct in terms of where to focus on measurable improvements.

The complete article is here

Marcus J. Ranum, Security Consultant
Perimeters Aren’t Dead – They’re Valuable

Since I first began building internet firewalls in the late 1980s, I have periodically encountered claims that “the perimeter is dead” or “firewalls don’t work.” These claims are rather obviously wrong: your firewall or perimeters are simply a way of separating things so you can organize them better. An internet firewall is an organizing principle between “stuff that’s not your problem” (the internet) and “stuff that’s your problem” (your network).

The complete article is here