The CISO’s role is never static. Over the last two decades, it has evolved beyond technical IT security. CISOs are now central to their organization when it comes to risk, compliance and governance. And this comes at a time when businesses are undergoing rapid change in the face of changing threats. In the past, the CISO or head of IT security has been an inward-facing role, ensuring compliance and keeping data secure. But that has changed, with cybersecurity teams more business oriented.

It’s that time of year that the usual happens. Christmas crackers with bad jokes. Holiday specials on TV (constantly). And cyber specialists like me make predictions about the year to come. With the help of insights from Gartner and my own views on what we are likely to see in 2022, I think I can help you with a couple of these. Firstly, it’s worth knowing that Gartner’s predictions come from Gartner IT Symposium/Xpo Americas, which ran virtually in October 2021.

In a previous blog post, I discussed the different applications of integrity for Zero Trust and provided four use cases highlighting integrity in action. The reality is that many organizations can’t realize any of this on their own. But they don’t need to. They can work with a company like Tripwire as a partner on their Zero Trust journey. Let’s explore how they can do this below.

The United States Department of Defense (DoD) views securing the supply chain and the Defense Industrial Base (DIB) as one critical pillar in protecting national security. Dedicated security requirements exist for the protection of federal information systems as well as classified information based on the NIST 800-53 standard. However, several years ago, a gap was identified in the security requirements for the protection of non-federal systems and controlled unclassified information (CUI).

If you enter the term “Purdue Model” into your favorite search engine, the resulting images will vary considerably. There’s almost no better way to stir up an Operational Technology (OT) security conversation than to begin debating what belongs on Level 1 or Level 3 of the model. You might even find some diagrams place operator Human-Machine Interfaces at Level 3. Notably, the original 1990 publication defines “operator’s console” as a Level 1 entity.

The role of the modern CISO is more than understanding the technical side of the business. In fact, the role consists of even more than understanding the business side of the business. When I spoke with Ian Thornton-Trump, he was able to shed light on how important effective communication and team-building are to the overall success of a modern CISO. His insights can be valuable to any person currently in a CISO position and also to anyone looking to embark on the path to becoming a successful CISO.

The National Cyber Security Centre (NCSC) recently released its fifth annual review of the state of cybersecurity in the United Kingdom. The report is presented under five headings including an analysis of and response “The Threat,” advice for resilience, advances in threat detection and prevention technology, improving the cybersecurity ecosystem, and global leadership. The overarching message of the report is to provide safety for all online activities of all UK citizens.

The United States Department of Homeland Security (DHS) is inviting security researchers to uncover vulnerabilities and hack into its systems, in an attempt to better protect itself from malicious attacks.

When it comes to cybersecurity governance and management, there is no “one size fits all” approach. Today’s CISOs have a far wider range of responsibilities than their predecessors as heads of IT security. The CISO role is no longer purely technical, focused on hardware and endpoint protection and on operations within the organisational perimeter. Today’s CISO is as likely to be involved with software security, cloud applications, security awareness, and user training.