Useful Resources for CISOs: Blogs, Papers, Conferences & More



Useful Resources for CISOs

The role of the CISO is relatively new. While it's becoming increasingly accepted as a central role in managing enterprise data and security measures, the profession continues to evolve. CISOs bear a substantial amount of responsibility in the enterprise environment, sharing responsibility for developing long-term strategic vision collaboratively with other executives while maintaining primary responsibility for protecting the enterprise's information and assets.

From ensuring that ongoing employee security training is effective, to managing security teams and overseeing the company's information security practices and policies, CISOs wear a variety of hats. Fortunately, there are many useful resources on the web that make it easier for CISOs to find information on newly discovered threats, rapidly identify patches and fixes for vulnerabilities, learn about best practices and new security methods that fit into the broader enterprise information structure, and keep up with all the details that CISOs must oversee on a day-to-day basis. We've rounded up 50 resources we feel are highly useful or essential components of the CISO toolkit, arsenal, or knowledge base - from helpful blogs, videos, research, and reports to government agencies and databases. NOTE: The following 50 resources are not listed in any particular order of importance, but rather they are organized by category to make it easier to find the resources you're looking for. If there's something you think we've missed, feel free to add it to the comments!

Table of Contents:

Blogs

1. Ponemon Blog
@PonemonPrivacy

The Ponemon Institute is a highly-regarded resource for CISOs and other security professionals. The Ponemon Blog contains up-to-date and relevant information impacting CISOs, touching on corporate data issues, insider threats, and other security topics. The Ponemon Blog is also a useful source for staying up-to-date on the latest research and global surveys available from the Ponemon Institute.

Three posts we like from Ponemon Institute:

2. TechTarget - SearchCIO
@SearchCIO

TechTarget's SearchCIO section is a comprehensive resource for CIOs and CISOs, as well as other top- and mid-level security professionals. With news covering leadership, mobile, security, cloud strategies, and business intelligence, SearchCIO goes beyond the technical topics to focus on security-related news and information encompassing the broad roles of the CISO.

Three posts we like from SearchCIO:

3. Security Intelligence
@IBMSecurity

Security Intelligence offers "analysis and insight for information security professionals," including a multitude of topics particularly relevant to CISOs. You'll find articles about strategy, information security trends, collaboration, and other topics with valuable information to aid CISOs in leading their respective companies through the rapidly changing information security landscape - along with valuable insights on pursusing the CISO career path.

Three posts we like from Security Intelligence:

4. TechRepublic - Security
@TechRepublic

TechRepublic's Security category has hundreds of articles, but more than 100 of them are related specifically to the challenging role of the CISO and the many variables impacting professionals in this ever-changing field. Read about the role of the CISO, the dynamics of managing enterprise security, new developments impacting CISOs, and a variety of other pertinent security topics.

Three posts we like from TechRepublic - Security:

5. CSO Online
@CSOonline

From social engineering to CSO events, application security, and other pressing topics impacting organizations today, CSO Online is a useful hub for the modern CISO. Aside from blog posts, CSO Online is also a great source for security-focused slide shows, white papers, and other media.

Three posts we like from CSO Online:

6. InfoSec Institute
@InfosecEdu

A leading source of information on security training, the InfoSec Institute features a multitude of articles and tutorials on security topics. Founded in 1998 by a team of information security instructors, the InfoSec Institute has trained more than 15,000 individuals on everything from industry standard certifications to highly specialized, niche subject matter. The InfoSec Institute blog is a reflection of the varied and in-depth expertise of its instructors and contributors.

Three posts we like from InfoSec Institute:

7. Dark Reading
@DarkReading

Dark Reading offers a wealth of news and information on IT security, including plenty of content useful for CISOs. Dark Reading is one of the most well-known and widely read cyber security news websites, with insights on new threats, vulnerabilities, data protection, technology trends, and more.

Three posts we like from Dark Reading:

8. Verizon Security Blog
@VZEnterprise

Verizon's Security Blog is a wealth of information, including expert analysis, studies and whitepapers, news coverage, insights on security trends, and plenty of other valuable information for today's CISOs. A Weekly Intelligence Summary breaks down the most pertinent intelligence developments each week, ensuring busy CISOs can stay up-to-date on important trends without wasting precious time tracking down reliable news sources.

Three posts we like from Verizon Security Blog:

9. Wired - Threat Level
@Wired

Wired's Threat Level is a highly regarded news source on privacy, crime, and security online. Regular posts on topics relevant to CISOs and other security professionals, from a variety of contributors including well-known senior writers Kim Zetter and Andy Greenberg, help today's CISOs keep their fingers on the pulse of the industry.

Three posts we like from Wired - Threat Level:

10. ThreatTrack Security CSO Blog
@ThreatTrackLabs

ThreatTrack Security develops malware analysis, detection, and remediation solutions, but the company also offers a variety of useful resources for CISOs, including its CSO Blog. From advanced persistent threats to malware analysis, cybersecurity research, big data, BYOD security, and more, the CSO Blog covers the latest news and information on everything of interest to CISOs.

Three posts we like from CSO Blog:

11. ZDNet CXO
@ZDNet

"Technology is such a vital competitive differentiator that all business execs, whether they are CIOs, CEOs, CFOs or CMOs, need to understand the essentials," according to ZDNet's CXO blog, which sets out to provide the in-depth understanding C-level security executives require to excel in their challenging careers. From mainstream technology and security news to research and developments on security-related topics, ZDNet CXO offers the breadth and depth of knowledge modern executives demand.

Three posts we like from ZDNet CXO:

12. CIO - Security
@CIOonline

Get the latest news, analysis, video, blogs, tips, and research in one place: CIO Online. The site's Security category offers a plethora of useful information for CISOs, covering topics such as firewalls, encryption, spam blockers, and in-depth reviews of security suites by experts.

Three posts we like from CIO - Security:

13. Health IT Security

@SecurityHIT

 

Health IT Security is a leading source of news and resources for health IT professionals. Many articles are pertinent to CISOs within the healthcare industry, with coverage of topics including the trend towards greater acceptance of the need for the CISO role, tips for reducing security risk, risk management, mergers from a security perspective, current events, and more.

Three posts we like from Health IT Security:

14. GovTech - Security
@govtechnews

GovTech Security is the online portal to Government Technology, a publication belonging to an award-winning family of magazines covering information technology's role in state and local governments. The publication focuses on the dynamics and challenges of governing in the digital age, with the website offering multi-media resources on hacking, cyber crime, cybersecurity, tactics for strengthening security, privacy, and much more.

Three posts we like from GovTech - Security:

15. Computing Now
@computingnow

Technology professionals around the globe rely on Computing Now for up-to-date information, expert insights, and advice on coping with the latest security risks. With a large advisory board consisting of leading professionals in the field, higher education professionals, and other disciplines, Computing Now is a key resource for any CISO.

Three posts we like from Computing Now:

 

Multimedia Resources

16. Forrester CIO
@forrester

An independent research company, Forrester has a prestigious reputation as one of the most trusted resources on all things security. The Forrester CIO portal focuses on the challenging role of the CIO and CISO, touching on the multi-faceted demands of these careers, including the oversight of business technology, working collaboratively with fellow executives to develop strategy, and transforming their respective organizations to drive business innovation. In addition to blog posts covering the latest news and research, you'll find insights for key business initiatives, the latest reports influencing the role of the CIO/CISO, and more.

Three resources we like from Forrester CIO Blog:

17. CISO Handbook

A resource for CISOs, CSOs, and other security professionals, CISO Handbook is a collaborative forum where security leaders can share expertise, challenges, tips and techniques, and opportunities that exist in the modern landscape for professionals tasked with developing enterprise security programs. From articles to research publications, news, tools, and more, CISO Handbook offers a variety of resources for CISOs.

Three resources we like from CISO Handbook:

18. Information Technology Portal (National Institute of Standards and Technology)
@usnistgov

One of the nation's oldest physical science laboratories, NIST was founded in 1901 and has since become a part of the U.S. Department of Commerce. NIST's Information Technology Portal aims to advance state-of-the-art IT in applications such as cybersecurity and biometrics, accelerating the development of reliable, usable, interoperable, and secure systems. You'll find resources and information spanning categories from computer forensics and computer security to software testing metrics, alongside news stories, videos, information on current programs, and more.

Three resources we like from Information Technology Portal:

19. Gartner - CIOs & IT Executives
@Gartner_inc

Gartner, a leading independent technology research firm, offers research and insights for CIOs and IT executives through this portal via research reports, webinars, and other formats. You'll also find listings for upcoming events in the field, executive programs, and more.

Three resources we like from Gartner - CIOs & IT Executives:

20. Information Security Forum

Founded in 1989, the Information Security Forum is an independent, not-for-profit organization with membership comprising many Fortune 500 and Forbes 2000-featured companies. The Information Security Forum's top priorities include investigating, clarifying, and resolving key issues related to security and risk management as well as developing best practices, processes, and solutions to meet the needs of its members.

Three resources we like from Information Security Forum:

21. IT Security

With news, white papers, case studies, a vendor directory, events listing, and more, IT Security offers a variety of resources in various formats to help CISOs and other security professionals to stay abreast of the latest developments and happenings in the industry.

Three resources we like from IT Security:

22. ISC2
@ISC2

The largest not-for-profit professional body, ISC2 provides education and certification opportunities for infosecurity professionals. Recognized for Gold Standard certifications and world-class educational programs, ISC2 is a valuable source for the most up-to-date information impacting professionals in this ever-changing field.

Three resources we like from ISC2:

23. IT Governance Institute

The effective governance and management of enterprise IT is essential for IT to support enterprise goals for modern organizations. The IT Governance Institute is an excellent source of information on IT governance and management, offering insights through research and publications, surveys, a knowledge center, and more.

Three resources we like from IT Governance Institute:

24. Unified Compliance Framework
@itucf

The Unified Compliance Framework is a resource used by organizations and GRC vendors to manage conflicting and overlapping compliance requirements across IT regulations. It's the only industry-vetted compliance database, offering a plethora of useful resources to aid CISOs and other security professionals in adequately managing requirements and maintaining compliance for their respective organizations.

Three resources we like from Unified Compliance Framework:

25. SANS Internet Storm Center
@sans_isc

The SANS Internet Storm Center monitors the level of malicious activity on the Internet. A useful resource for CISOs for this reason alone, the SANS Internet Storm Center also offers podcasts, tools, data, forums, and other resources to help busy CISOs stay on top of the latest threats and news impacting enterprise security.

Three resources we like from SANS Internet Storm Center:

26. Educause Cybersecurity Initiative
@educause

A non-profit association serving IT leaders and professionals committed to advancing higher education, Educause is a source for learning about upcoming conferences and events, career development, accessing recent research and publications, and connecting with fellow professionals in the field.

Three resources we like from Educause Cybersecurity Initiative:

Reports and White Papers

27. Ponemon Institute
@PonemonPrivacy

The Ponemon Institute is well-known for its thorough research and analysis in the security field. The Ponemon Library is a collection of past and current research, reports, studies, and white papers conducted by Ponemon, including benchmarking reports, global analyses, and a variety of studies relevant to the work of the CISO.

Three reports we like from Ponemon Institute:

28. University of Washington - Office of the CISO
@UW

The University of Washington's Office of the CISO releases annual reports that address pressing issues facing security professionals in higher education, privacy, cloud computing, managing data, and more. While some topics are focused on the University of Washington, many articles are relevant to the broader work of the CISO, particularly those serving in higher education.

Three reports and resources we like from University of Washington - Office of the CISO:

29. NASCIO Publications
@NASCIO

The National Association of State Chief Information Officers is a leading organization serving executives in the government security field, including state CIOs, CISOs, and similar roles. The Association offers a variety of in-depth informational guides, reports, and analyses which provide useful insights for CISOs and other security professionals.

Three reports we like from NASCIO Publications:

30. EC Council CCISO Resources
@ECCOUNCIL

The EC Council offers the widely known CCISO Certification and has certified some of the world's leading security executives. The organization also manages events, including summits and Global CISO Forums, with the goal of bringing the world's top security executives together to advance knowledge in the field. The EC Council's website is also a valuable source of the latest knowledge, news, and other information offered through podcasts, webinars, and white papers.

Three reports we like from EC Council CCISO Resources:

31. Cybersecurity Management in the States: The Emerging Role of Chief Information Security Officers
@NYSDHSES

Offered by the IBM Center for the Business of Government, this report encompasses the continuously evolving role of the Chief Information Security Officer (CISO), which rose from the increased need for safeguarding information created on and shared among computers, along with society's increasing dependence on information technology.

Three topics we like from Cybersecurity Management in the States: The Emerging Role of Chief Information Security Officers:

  • Results from a Survey of and Interviews with Chief State Cybersecurity Officers
  • Case Studies of State Strategies for Cybersecurity
  • Excerpt from Public-Sector Information Security: A Call to Action for Public-Sector CIOs

32. CEOWorld Magazine – Top Chief Security Officers (CSOs) to Follow on Twitter
@ceoworld

CEOWorld Magazine recognizes the need for timely alerts when major security risks are around the corner or new developments arise that may mean your company’s network isn’t as secure as you had thought. For this reason, Twitter can be a valuable tool for being in-the-know the moment breaking news hits the security world. This list names the top chief security officers (CSOs), chief information security officers (CISOs), security executives, and experts to follow on Twitter.

Three experts you'll find in Top CSOs to Follow on Twitter:

  • Eugene Kaspersky, Chairman and Chief Executive Officer of Kaspersky Lab
  • Andy Ellis, Chief Security Officer of Akamai Technologies
  • David Ulevitch, the Founder and Chief Executive Officer of OpenDNS

33. Security Focus

A technical community for security professionals, Security Focus provides technical updates and technical papers related to newly discovered vulnerabilities in addition to discussions on more general security subject matter, such as penetation testing.

Three topics we like from Security Focus:

34. Forrester - Security & Risk Professionals
@forrester

Forrester Research offers a section dedicated to Security & Risk Professionals, including titles such as CISO, CSO, CRO, and similar roles. You'll find insights for key business initiatives, get reports on the latest research relevant to these roles, learn about upcoming events such as forums and webinars, and more. The Security & Risk Blog is updated regularly by leading contributors, offering valuable information on the latest security news and related topics.

Three resources we like from Forrester - Security & Risk Professionals:

35. Index of Cyber Security

The Index of Cyber Security is an independent public service effort co-published by Dan Geer, a computer security analyst and risk management specialist, and Mukul Pareek, a risk professional who has worked extensively in audit, advisory and risk management. The Index of Cyber Security provides a sentiment-based measure of the cyber security risk to corporate, industrial, and governmental entities.

Three resources we like from Index of Cyber Security:

 

Conferences and Training

36. ISSA CISO Forum
@ISSAINTL

A peer-to-peer event for CISOs to share concerns, successes, and feedback in a peer-only environment, ISSA CISO Forum offers memberships by invitation only, making it an exclusive organization for modern CISOs. Multiple events are held annually in varied locations, enabling CISOs to network and collaborate with fellow executives across the U.S.

Three resources we like from ISSA CISO Forum:

37. National Security Institute

The National Security Institute, founded in 1985 by Stephen S. Burns and David A. Marston, offers proven employee security awareness solutions. With a combined 35 years of experience in government and corporate security between them, Burns and Marston were responsible for designing key programs that protected some of the nation's most sensitive technology secrets. The National Security Institute quickly became the leading organization responsible for helping cleared defense contractors develop an understanding of the threats to national security.

Three resources we like from National Security Institute:

38. Toolkit for New CISOs

A comprehensive list of resources for new CISOs and those new to the higher education industry, this Toolkit for New CISOs contains links to discussion lists, articles, books, magazines, newsletters, and more.

Three resources we like from Toolkit for New CISOs (links to third-party websites):

39. CISSP
@cissps

An independent portal for cyber security and information security professionals, CISSP offers information on certifications for professionals in the field as well as other news and insights relevant for today's security professionals. It's an excellent resource for security professionals who want to learn more about becoming certified in CISSP.

Three resources we like from CISSP:

40. Defense Security Service - Information Security Professionals Toolkit
@DSSPublicAffair

The U.S. Department of Defense - Defense Security Service provides a useful Toolkit for information security professionals. The Toolkit contains a variety of resources to aid information security professionals in their roles.

Three resources we like from Defense Security Service - Information Security Professionals Toolkit:

41. CISO Summit
@CDMmedia

The CISO Summit is provided by CDM Media Summits, designed to enable CISOs and IT professionals to network with their peers in other industries across North America. Get information on sponsors, partners, upcoming events, registration, presentations, and session videos at the CISO Summit website.

Three resources we like from CISO Summit:

42. SANS
@sansinstitute

The most-trusted and largest source for computer security, IT security, and information security training, SANS is a robust resouce for all your training needs as a CISO. Information on live training, online training, and an abundance of other useful resources are available from the SANS website.

Three resources we like from SANS:

 

Government Resources, Organizations, and Databases

43. US-CERT
@uscert_gov

The United States Computer Emergency Readiness Team responds to major incidents, analyzes threats, and exchanges information with trusted partners around the world with the goal of creating a safer Internet for Americans. You'll find updates on newly discovered vulnerabilities, regulatory changes and information, publications, alerts, tips, and more.

Three resources we like from US-CERT:

44. Information Systems Security Association (ISSA)
@ISSAINTL

ISSA International connects and develops cybersecurity leaders globally, with a network of more than 10,000 security colleagues worldwide. With local chapters, special interest groups, an annual conference, and other opportunities and information, ISSA is a worthy organization for CISOs.

Three resources we like from ISSA:

45. NIST National Vulnerability Database

The National Vulnerability Database is a must-have tool for any CISO's toolkit, offering updates and information on vulnerability management, security measurement, and compliance.

Three resources we like from NIST National Vulnerability Database:

46. National Security Agency
@NSA_PAO

The National Secuity Agency/Central Security Service is the U.S. Government's security defense agency. Information for businesses, academia, careers, research, and public information are all found on the NSA website.

Three resources we like from National Security Agency:

47. ISACA
@ISACAnews

An association representing more than 115,000 professionals, ISACA helps enterprises maximize the value of their information and technology. Certifications and education information is available on the ISACA website, along with the ISACA Journal, a robust knowledge center, and more.

Three resources we like from ISACA:

48. CERIAS
@cerias

One of the world's leading centers in information assurance and security research, Purdue University's CERIAS provides a wealth of useful resources for CISOs, including research, white papers, tools, and more.

Three resources we like from CERIAS:

49. Privacy Association
@PrivacyPros

The Privacy Association offers all the privacy tools and information you need in one central location. From tools and research to a helpful glossary, information on employee awareness and education, career development resources, and more, the Privacy Association truly is a one-stop resource for CISOs.

Three resources we like from Privacy Association:

50. CISO Platform
@CISOPlatform

The CISO Platform is a social network dedicated to the CISO profession, aiming to provide a useful resource and collaborative portal for CISOs to network, share knowledge, ask questions, and work collaboratively to advance the field.

Three resources we like from CISO Platform:

More from the Digital Guardian Data Security Knowledge Base:

Nate Lord

ANALYST REPORTS

Gartner 2017 Magic Quadrant for Enterprise Data Loss Prevention (DLP)

Nate Lord

Nate Lord is editor of Data Insider.

Free Trial 2017 Gartner DLP MQ Contact Us