Microsoft said it will pause non-security Windows updates beginning in May as part of its plan to reduce the update pressure on IT and security teams, as they are busy keeping organizations operational during the COVID-19 pandemic. Other software companies are adjusting their release schedules, recognizing that IT and security teams are currently stretched thin.
With so many employees and contractors working remotely, security teams and CISOs grapple with the job of continuing to protect networks, systems, data, and people. One challenge: recognizing clues that something is wrong when nothing looks normal.
Calls for jail time for C-suite executives after a data breach are getting louder, but proposed legislation such as the Corporate Executive Accountability Act would not prevent data breaches. Instead, it would will simply result in organizations lawyering up, CISO Advisor Dave Lewis argues.
Humans are fundamentally wired to take risks, and their decisions are all about taking risks in order to gain some kind of a benefit. Poor decisions are because risks are not straightforward to understand, Andy Ellis, CSO of Akamai Technologies. If the information is presented differently, there would be better decision-making.
There are obvious differences between government policy and organizational policy, but when it comes to crafting information security policies, there are several elements that apply to both sides. Here are some of them.