The Cultural Maturation of Cyber Risk Management

From GARP –

“Born from the perfect storm of 9/11, the Nimda worm, and Section 404 of the Sarbanes Oxley Act (SOX), the rise of the chief information security officer (CISO) has occurred at a lighting pace. Mega breaches have earned them a seat at the boardroom table, yet CISOs still struggle to articulate cybersecurity risk in a way that board members can understand.

To move past this, CISOs need to flex their leadership muscles and take a top-down approach to risk management – one that will likely require them to “unlearn” many of the best practices that got them to where they are.

It is a path with which the broader risk management profession is familiar: In the early 2000s, information security was mainly driven by compliance. Back then, CISOs were little more than glorified IT security admins.”

Read more>>

That Guy Loses It!

From Deloitte CIO Journal -

Is your laptop and mobile adequately protected?

Ashley Madison: The new face of data breaches

From Mobile Payments Today –

“For almost two years now, Target has served as the reluctant standard-bearer when it comes to high-profile data breaches.

The retail giant took that title away from TJX, which suffered a data breach in 2007 that affected 94 million consumers and cost the discount clothing chain close to $500 million. While Target's setback started a string of high-profile retail data breaches and became a rallying cry for the current EMV transition in the U.S., no incident since then has vied to become the new champion.

Enter Ashley Madison.

When news broke that the Canada-based online dating service for married people had experienced a data breach, it set in motion a chain of events not seen with other data breaches.”

Read more>>