Several years ago, I received an early-morning phone call at home from one of my security staff. Our security operations center had just contacted us, reporting anomalous data traffic. They believed we had several assets that were infected with malware. As I listened to the incident response team triage the event, I thought to myself, "What can I do as a CISO to better protect my organization?" I had numerous networks and legacy assets under my purview, and even though I had a solid security program, I didn’t feel we were doing enough to address our risk. What fundamentals could…
[Continue Reading]