Daily Archives: May 8, 2018

Firewall Management Maturity Stage 2: Next Generation Firewall Management

In the second of this three-part series examining the stages of firewall management maturity, we look at next generation firewall technology.


Category:

Information Security
Leadership Insights

In the second of this three-part series examining the stages of firewall management maturity, we look at next generation firewall technology. Next generation firewalls provide tremendous value, but also present unique challenges for organizations trying to manage the technology.

What is a CSO? Understanding the critical chief security officer role

A CSO is a departmental leader responsible for information security, corporate security or both. That's the simplest answer to the question "What is a CSO?", and one that our founding editor Derek Slater offered up to readers way back in 2005 — heck, if there's one website you ought to be able to trust to tell you what a CSO is, it's CSOonline. But of course, no one-sentence answer can encapsulate the complexity of a job like this, and not everyone with the CSO title has the same set of responsibilities.

The title Chief Security Officer (CSO) was first used principally inside the information technology function to designate the person responsible for IT security. At many companies, the term CSO is still used in this way. Chief Information Security Officer (CISO) is perhaps a more accurate description of this position, and today the CISO title is becoming more prevalent for leaders with an exclusive information security focus.

To read this article in full, please click here

St. Kitts and Nevis Pass the Data Protection Bill 2018

On May 4, 2018, St. Kitts and Nevis’ legislators passed the Data Protection Bill 2018 (the “Bill”). The Bill was passed to promote the protection of personal data processed by public and private bodies.

Attorney General the Honourable Vincent Byron explained that the Bill is largely derived from the Organization of Eastern Caribbean States model and “seeks to ensure that personal information in the custody or control of an organization, whether it be a public group like the government, or private organization, shall not be disclosed, processed or used other than the purpose for which it was collected, except with the consent of the individual or where exemptions are clearly defined.”

Read more about the Bill.

National Standard on Personal Information Security Goes into Effect in China

On May 1, 2018, the Information Security Technology – Personal Information Security Specification (the “Specification”) went into effect in China. The Specification is not binding and cannot be used as a direct basis for enforcement. However, enforcement agencies in China can still use the Specification as a reference or guideline in their administration and enforcement activities. For this reason, the Specification should be taken seriously as a best practice in personal data protection in China, and should be complied with where feasible.

The Specification constitutes a best practices guide for the collection, retention, use, sharing and transfer of personal information, and for the handling of related information security incidents. It includes (without limitation) basic principles for personal information security, notice and consent requirements, security measures, rights of data subjects and requirements related to internal administration and management. The Specification establishes a definition of sensitive personal information, and provides specific requirements for its collection and use.

Read our previous blog post from January 2018 for a more detailed description of the Specification.

Interruptions Are Bad – Business Security Weekly #84

This week, Michael and Paul interview Senior Attorney, Elizabeth Wharton! In the Article Discussion, the work required to have an opinion, why email is so stressful, productivity, and more! In Tracking Security Innovation, we have updates from Carbon Black, Trusted Key, Namogoo, IronNet Cybersecurity, and more on this episode of Business Security Weekly!

Full Show Notes: https://wiki.securityweekly.com/BSWEpisode84

 

Visit https://www.securityweekly.com/bsw for all the latest episodes!