cybersecurity

ENISA NIS360 2024 Report: a Comprehensive Look at Cybersecurity Maturity and Criticality of NIS2 Sectors

ENISA's NIS360 2024 report assesses the cybersecurity maturity and criticality of NIS2 sectors in the EU, identifying improvement areas. Key findings highlight that electricity, telecoms, and banking are the most mature and critical, while digital infrastructures lag. Recommendations stress enhanced sector collaboration, development of specific guidance for NIS2 implementation, and cross-border cooperation. Other sectors like ICT, space, and health face unique challenges requiring tailored guidance and awareness to improve resilience. The report aims to inform national authorities and policymakers for effective strategy development.

https://www.enisa.europa.eu/news/enisa-nis360-2024-report

CISO Liability Risks Spur Policy Changes at 93% of Organizations

93% of organizations updated policies to address CISO liability risks due to regulatory shifts, including increased board involvement and enhanced legal support. Key incidents like the Uber CISO conviction prompted this change. However, a lack of clarity over accountability for cybersecurity incidents persists, with only 36% of firms clearly defining roles.

https://www.infosecurity-magazine.com/news/ciso-liability-risks-policy-changes/

Zero Trust Network Access (ZTNA)

ZTNA: Security model ensuring access control based on user identity. No trust by default; verifies each request regardless of location. Enforces least privilege, enhances endpoint security, and mitigates risks from breaches.

BlackLine CISO Jill Knesek on Building Security Teams

Jill Knesek, BlackLine's CISO, discusses her experience in cyber threat mitigation and building security teams. She emphasizes a structured cybersecurity team with governance, risk, compliance, application security, and operations units. Knesek prioritizes soft skills and cultural fit in hires, alongside technical training. Effective communication with executives using risk management language and transparency builds trust. She identifies ransomware as a top threat, advocating strong security practices and employee training. Knesek acknowledges the potential of AI in enhancing security while remaining cautious of its risks. Her key advice is to focus on fundamental security hygiene to address the majority of attack vectors.

https://www.infosecurity-magazine.com/interviews/blackline-ciso-jill-knesek/

Zero Trust Network Access: Ending Implicit Trust in Cybersecurity

Zero Trust Network Access (ZTNA) replaces “trust but verify” with strict access controls for hybrid workforces, minimizing breaches and enhancing compliance in cloud environments. ZTNA denies implicit trust, isolates applications, restricts lateral movement, and enforces least privilege, making it essential in modern cybersecurity.

https://securityboulevard.com/2025/03/zero-trust-network-access-ending-implicit-trust-in-cybersecurity/

SolarWinds CISO Says Security Execs Are ‘Nervous’ About Individual Liability for Data Breaches

SolarWinds CISO Tim Brown highlighted growing anxiety among security executives about personal liability for data breaches, stemming from legal challenges following the company's notable cyberattack. This stress distracts CISOs from their core responsibilities, impacting their effectiveness. While individual executive liability raises concerns, some cybersecurity professionals argue it may enhance accountability. Brown emphasized the need for clearer guidelines to allow CISOs to manage cybersecurity without legal fears hindering their work.

https://cyberscoop.com/tim-brown-solarwinds-liability-cyberlawcon/

Cyber Resilience Redefined

The UK Cyber Resilience Act (CRA) aims for stronger board accountability in cybersecurity, paralleling the EU's NIS2. The CRA needs clearer guidelines on supply chain security, incident response, and penalties. Analysts urge proactive security strategies amid AI threats. Effective legislation should evolve with threats, incorporate stakeholder insights, and focus on business continuity and recovery post-breach. Final outcomes of the CRA could impact the UK's cyber resilience and compliance landscape.

https://cybernews.com/security/c-suite-cybersecurity-breaches/

Center for Internet Security (CIS)

CIS: Non-profit focused on improving cybersecurity. Develops benchmarks, guidelines, and best practices. Offers tools like CIS Controls and CIS-CAT for effective security management. Provides resources for organizations to enhance defense against cyber threats.

CIS Benchmarks

CIS provides cybersecurity benchmarks for various platforms, aimed at helping organizations mitigate threats. These include configuration guidelines for over 25 vendor products, tools for assessing compliance, and a variety of resources like the CIS SecureSuite and webinars for implementation support. Membership benefits include access to exclusive tools and community development.

https://www.cisecurity.org/cis-benchmarks
