Leadership Solutions

Strategic News

65% of Procurement Professionals Say Regulations Increase Business Risk

A survey of 600 professionals in the U.S. and U.K. conducted by Dun & Bradstreet also finds that "88% of the 341 respondents who experienced fraud in the past two years said fraud has had an impact on their company’s brand." Follow the link in the article for the full report.
Supply Chain Dive

Social Media and Fraud Part 1: The CISO's Advice

Social media platforms have emerged as the world's most popular forms of communication. They also have become popular platforms for committing fraud. David Pollino, CISO of Bank of the West, outlines what institutions should do to secure their social media presence.

IBM's HR Chief Shares Best Advice On The Future Of Work

Diane Gherson discusses teambuilding, motivation, and the impact of technology on the global workforce.

Congress passes data security bill for small businesses

The US Senate has passed its version of the NIST Small Business Cybersecurity Act. The bipartisan measure promises smaller companies a consistent, relevant and universal set of NIST-based guidance and resources for protecting their data against online threats.

America Needs a Blockchain Strategy ASAP

The technology behind cryptocurrency can keep the United States safe—but only if the country takes advantage of its head start.
Foreign Policy

Economic Espionage and the Growing Case for Corporate Counterintelligence

Corporate security executives need to define and discuss the risks with executive leadership, determine relevance and pertinent assets and develop a strong CI value proposition.

74 Arrests in Business Email Compromise Takedown

A six-month coordinated global law enforcement effort to crack down on business email compromise schemes has resulted in 74 arrests, the DOJ announced.
Data Breach Today

Atlanta expects ransomware infection that sought $50K will cost the city millions more: Report

Atlanta anticipates spending another $9.5 million to recover from the ransomware virus that infected city computers in late March and disrupted government services for several weeks, a top local official said.
The Washington Times

School Security Plan Should Look for Threatening Behaviors, Experts Say

Public spaces — including Boston Public Schools — are increasing security in response to mass shootings, but school safety experts say that’s only a small piece of the puzzle.
Boston Herald

Trump’s School Safety Commission Won’t Look at Guns, Betsy DeVos Says

During her testimony Tuesday before the Senate subcommittee that oversees education spending, Education Secretary Betsy DeVos said that the federal commission on school safety established after the Parkland, Fla., school shooting will not focus on the role guns play in school violence.
New York Times

Gaining Confidence in Showing Value

Four proven elements to help security leaders maintain a strong business focus.
SEC Faculty Advisor

COSO offers enterprise risk management certificate

The Committee of Sponsoring Organizations of the Treadway Commission, also known as COSO, has introduced a COSO Enterprise Risk Management Certificate program for professionals who want to demonstrate their expertise in the COSO ERM Framework.
Accounting Today

Why the Security of Your Vendor’s Entire Enterprise Matters

Be cautious of vendors who contend that their enterprise security program is none of your concern. That very argument demonstrates a lack of understanding of the cyber-threat landscape.
Dark Reading

Alexa Mishap Hints at Potential Enterprise Security Risk

Some significant security concerns come with the possibility of a headlong rush into voice assistants in the workplace.
Dark Reading

Third of business decision makers would pay hacker’s ransom demands rather than invest in more security, NTT Security Risk:Value report reveals

The findings from the 2018 Risk:Value Report, commissioned by NTT Security, the specialised security company of NTT Group, show that another 30 per cent in the UK are not sure if they would pay or not, suggesting that only around half are prepared to invest in security to proactively protect the business.
Response Source

Fixating On Vulnerabilities Is A Vulnerability

Security teams struggle to prioritize and understand the business risks associated with vulnerabilities, sometimes at the expense of other security efforts.

New FBI Data Shows Active Shooters Caused Nearly 750 Casualties in 2017

96 percent of the shooters since 2000 were male, and nearly two-thirds of all incidents happened in businesses and schools.
The Trace

3D printing of weapons: A threat to global, national, and personal security

A new RAND Corporation paper suggests additive manufacturing could benefit military adversaries, violent extremists and even street criminals, who could produce their own weapons for use and sale.
Homeland Security Newswire

Top intelligence official says Chinese ZTE cellphones pose security risk to U.S.

President Trump wants to help the Chinese firm, but a top intel official told the Senate that ZTE cellphones may be used by the Chinese government to spy.
NBC News

The Massive Talent Shortage on the Horizon

By 2030 — no more than a couple of economic cycles away, in all likelihood — the worldwide talent shortage will reach about 85 million people with needed skills, according to a new report. The estimated financial impact: as much as $8.5 trillion of unrealized annual revenue. The U.S. would by far take the biggest economic hit, losing out on $1.7 trillion in unrealized revenue — 21% of the world’s total — as a result of the talent deficit 12 years from now. The $1.7 trillion would equate to roughly 6% of the entire U.S. economy.

FBI: More active shooters in 2017 than any other year on record

The bureau reported 30 active shooting incidents in 2017, which is the highest recorded since the FBI started keeping track in 2000.
The Hill

Is Payments Industry Ready for New Encryption Protocols?

To meet new Payment Card Industry Data Security Standard requirements that go into effect June 30, payment card acquirers, processors, gateways and services providers worldwide are working to implement more secure encryption protocols for transactions.
Bank Info Security

IAG creates 'novel' model to predict cost of cyber attack

Insurer IAG has modelled the financial cost that a data breach or ransomware attack would have on its business, in part to understand how much proposed infosec investments might offset its losses.
IT News

YouTube Shooting Puts a Focus on Workplace Security

The shooting this week at the headquarters of YouTube, a Google-owned company about 25 miles north in San Bruno, has highlighted the security risks of Silicon Valley’s relatively open corporate campuses — particularly as tech companies’ expanding influence angers more people online.
The New York Times

Now that Russia has apparently hacked America’s grid, shoring up security is more important than ever

Hackers taking down the U.S. electricity grid may sound like a plot ripped from a Bruce Willis action movie, but the Department of Homeland Security and the FBI recently disclosed that Russia has infiltrated “critical infrastructure” like American power plants, water facilities and gas pipelines.
The Conversation

Security budgets up, but talent scarce, says Isaca

Security budgets are increasing, but qualified cyber talent remains difficult to find, with positions taking at least three months to fill, an industry association report on the state of cyber security reveals.
Computer Weekly

Hard Choice for Cities Under Cyberattack: Whether to Pay Ransom

The dilemma confronts city and state officials with alarming frequency: Digital extortionists have hijacked their computer systems and demanded ransom. Should they pay?
The New York Times

Survey Roundup: Ethical Values Trump Compliance Checklists

A look at some recent surveys and reports dealing with risk and compliance issues.
The Wall Street Journal

First-of-its-kind higher education joint cyber security operations center launches

OmniSOC at Indiana University protects five universities, hundreds of thousands of devices and tens of thousands of students and faculty from cyber threats
News at IU

Are you letting GDPR’s privacy rules trump security?

The lesson here for every company struggling to meet GDPR compliance: Protect privacy, but don’t weaken your ability to detect and respond to threats in the process.

Hackers are holding the city of Atlanta’s computer systems for ransom, causing massive outages — and anyone who has conducted business with the city is at risk

Senior officials have advised both businesses and consumers to monitor their bank accounts, saying anyone who has conducted business with the city is at risk.
Business Insider

NCSU: Only 31% of companies have risk management process in place despite growing threats

Most senior finance leaders agree that the volume and complexity of corporate risks are increasing, yet less than a third, 31%, report their organizations have complete enterprise risk management (ERM) processes in place. This is according to a new report from North Carolina State University’s Enterprise Risk Management Initiative and the American Institute of CPAs (AICPA).
WRAL TechWire

With cyber in the spotlight, how has the role of the CISO changed?

“The CISO role has changed from being the primary intel expert and person the company turns to for an authoritative answer on all matters security, to more of a facilitator of the organization as it tries to make the right decisions in terms of security, functionality and customer service,” Palmer told Insurance Business.
Insurance Business Magazine

Trump administration to crack down on securities, tax fraud

Rosenstein ... said the private sector must monitor its own behavior, explaining that he expects companies to go beyond simply having policies to comply with the law, and make compliance part of their corporate cultures.

Securities and Exchange Commission Releases Updated Cybersecurity Guidance

"This guidance serves as a loud wake-up call for all boards of directors to determine who among them is a cybersecurity and risk expert, what role the board is playing in governing cybersecurity risks, and how exactly the board is managing these risks and responding to incidents," Chris Pierson, CEO of Binary Sun Cyber Risk Advisors, a cybersecurity consultancy, tells Information Security Media Group.

A Sneak Peek at the New NIST Cybersecurity Framework

Key focus areas include supply chain risks, identity management, and cybersecurity risk assessment and measurement.
Dark Reading

From the TSA: Here’s what you should know about guns and airports

The TSA, which has been setting yearly records for finding guns at airport checkpoints, offered a warning to owners. The federal agency, along with local law enforcement, said travelers who bring firearms to checkpoints can face state or local criminal charges. The TSA can also file federal civil claims of up to $13,000.
The Washington Post