How to Communicate Cybersecurity More Effectively to The Board
Featured in Forbes, ISF CEO Steve Durbin shares his guidance on how security leaders can enable the board to make informed security decisions.
Navigating Divisions In The Workplace: The impact of social media and rise of individual ideologies
Featured in Forbes, ISF CEO Steve Durbin explores the impact and influence of social media in shaping opinions and disseminating news.
EXPERT OPINION: Stop Talking About Security Awareness - Let's encourage secure behaviour and culture instead
ISF Expert Richard Absalom explores why organisations need to move beyond awareness; sharing guidance on how to focus on security culture instead.
Building A More Behavior-focused Security Awareness Program
Steve Durbin shares seven recommendations on how organisations should approach their awareness and security culture programs.
Who are BISOs and what do they bring to the cybersecurity table?
Steve Durbin, ISF Chief Executive shares his thoughts on why organisations need a BISO and what traits are ideally suited for the role.
The Impact of Technology Failures on Business Resilience
Steve Durbin, ISF CEO shares 5 important factors to consider when trying to mitigate and counterbalance business impact of technology failures
Strategies for Security Leaders: Building a positive cybersecurity culture
ISF CEO Steve Durbin shares his best practices on how security leaders can develop a positive brand and culture for cyber security.
Striking a Balance Between Business Growth, Risk Management, and Cybersecurity
Featured in Security Boulevard, ISF CEO, Steve Durbin shares recommendations on how to balance business growth with risk management.
The 6 Elements Defining a Valid Cybersecurity Strategy
Featured in Forbes, ISF CEO Steve Durbin explains how you can maximise value from existing cybersecurity investments to inform strategy.
EXPERT OPINION: Resilient by design is the way forward
ISF Head of Research, Paul Holland outlines the essential steps to ensure your organisation is well-positioned for cyber resilience.
From Cartels to Crypto: Trends Show Disruptive Cybercrime Evolving Rapidly
ISF CEO Steve Durbin explains why rise of cybercrime-as-a-service amongst other trends, are lowering entry barriers for criminals.
EXPERT OPINION: It'll never happen to us
ISF Head of Tools & Methodologies, Alex Jordan shares his expert opinion on managing extinction level risks associated with suppliers.
EXPERT OPINION: Social Engineering Attacks: Understanding OSINT to mitigate risk
Over the last decade, OSINT (open-source intelligence) became a buzzword across many industries and lines…
EXPERT OPINION: If we fail to prepare, we prepare to fail
ISF Head of Research, Paul Holland shares his expert opinion on incident preparedness and overcoming extinction level attacks.
EXPERT OPINION: The bigger they are, the harder we will all fall
"It’ll never happen to us." Most security and risk practitioners have faced this argument at…
Generative AI vs. Predictive AI: A Cybersecurity Perspective
Featured in Security Boulevard, ISF CEO Steve Durbin underscores how organisations can find value in predictive and GenAI implementation.
ISF: Your first line of defence
Interviewed by The European, ISF CEO, Steve Durbin shares the ISF perspective on implementing an effective cyber strategy
The Core Elements of a Cybersecurity Posture
ISF CEO Steve Durbin shares seven core elements that can lay the groundwork for a healthy cybersecurity posture.
The New Security Leader: Less Techy, More Business-Savvy
ISF Distinguished Analyst, Paul Watts features in InfoRisk Today to share his perspectives on balancing cyber risk and business goals.
Weaponized Disinformation Threatens Democratic Values
Steve Durbin, ISF CEO, shares insights into the looming AI-security threats from his interview with Brian Lord, CEO of Protection Group International.
#Infosec2024: Cyber Resilience Means Being Willing to Learn From a Crisis
Featured in Infosecurity Magazine, Distinguished ISF Analyst Paul Watts, shares his views on resilience and effective cyber crisis management.
5 key elements of cyber simulation exercises to boost cyber resilience
Steve Durbin, ISF CEO, shares five key elements required to design cyber simulation exercises aimed at enhancing cyber resilience.
Five ways security leaders can demonstrate the business value of cybersecurity
Steve Durbin, ISF CEO, shares five best practices on how security leaders can justify the business value of cybersecurity and improve alignment with business goals
Hack on Japanese Port Shows How Compromised Operational Technology Can Have a Widespread Impact
Paul Holland shares his thoughts on protecting and securing the integrity and confidentiality of information within OT environments.
COSMICENERGY: A new threat to OT
Paul Holland provides insight into a possible new threat to operational technology environments, specifically those in the energy sector.
Top Risks and Best Practices for Securely Offboarding Employees
Outgoing employees pose significant security risks to organizations. Here are some of the major issues…
Invest in Developing a Human-Centred Security Program
Steve Durbin explores steps to developing a human-centred security program that engages your workforce to better protect your organisation.
Security and the Business: It's good to talk
Paul Watts explores the shifting nature of business, the role of the security leader, and the impact of not aligning to each other’s goals.
Measuring Cyber Security: The what, why and how
Steve Durbin explores the ways security teams can best measure, analyse and report cyber security threats and performance
Navigating the Politics of Measuring Security
Richard Absalom explores the soft skills needed to navigate boardroom politics, ensuring measurements support decisions and drive action.
Four Cyber Risk Trends to Watch in 2023 and How Businesses Can Mitigate Them
With cyber security becoming riskier, costlier and more complicated, Steve Durbin explores four key challenges to look out for in 2023.
Five Top Qualities You Need to Become a Next-Gen CISO
Steve offers actionable guidelines to building and maintaining the skills and relationships that can take security leaders to the next level.
How Cyber Threat Intelligence Provides Security and Value to Business
Steve Durbin offers his thoughts on how enterprises can make the most out of threat intelligence for smarter security.
Best Practices to Help Strengthen Your Company's Security Culture
Human behaviour is one of the biggest challenges faced by security practitioners, leaders and cyber risk managers today.
Solve ICS Security Issues with ICS and IT Team Convergence
Threat actors are predicted to weaponise industrial control systems in order to harm or kill humans by 2025 - how should you prepare?
The Threat of Deepfakes and Their Security Implications
Steve Durbin discusses the cyber best practices and security controls you should be implementing now to mitigate the threat of deepfakes.
Securing Industrial Control Systems: The What, Why and How
Steve Durbin featured in Forbes to shed light on the best practices you should consider to better protect ICS environments.
Organisations Cannot Prosper Without Trust: Five ways to boost trust with cyber security
Steve Durbin offers advice on how you can prevent the dilution of enterprise value and trust in the eyes of your stakeholders.
Security Think Tank:
Balanced approach can detangle supply chain complexity
Francesca Williamson shares insight on how you can detangle the complexities of the supply chain and create better security practices.
Six Steps to Validate Cyber Incident Response Plans in Times of Conflict
Steve Durbin features in the World Economic Forum, offering considerations to consider when evaluating cyber incident response capabilities.
Three Unintended Consequences of Well-Intentioned Cyber Regulations
Steve explains how you can prepare against unintended consequences of cyber regulations, no matter how well-intentioned they might be.
What's Zero Trust, and What's Driving Its Adoption?
Steve Durbin deconstructs Zero Trust; explaining how it works, what the common misconceptions are, and what to consider before implementation.
7 Steps to Combat Cybersecurity Threats in Times of Instability
Steve Durbin outlines steps organisations and security teams can use to understand and prepare for potential threats in times of instability.
How Cybersecurity Leaders Can Add Value to M&A Deals
Steve Durbin offers advice on the M&A process: how you can mitigate risk and highlight to leadership the value of information security.
World's Largest Cybersecurity Benchmarking Study Finds that Top Executives Believe their Organizations are Not Prepared for New Era of Risk
ThoughtLab's press release for their study, providing evidence-based insights into the most effective cybersecurity practices and investments.
Five Proactive Steps CISOs Can Take During Times of Instability
Steve Durbin outlines how CISOs can shift from being reactive to proactive, improving the overall resilience of their organisation.
The Importance of Effective Cyber Risk Management
Dan Norman looks at what needs to be considered when evaluating the risks involved in an organisation’s security strategy.
Security Think Tank: Good training is all about context
Emma Bickerstaffe explores what makes a good security training programme and questions buyers should ask when procuring training as a service.
Positively Influencing Security Behaviour
Daniel Norman, ISF Senior Solutions Analyst, takes a closer look at 'Human-Centred Security' and how to achieve it.
Confronting Pervasive Cyber Threats for 2022 and Beyond
Discussing key pervasive cyber threats for 2022, Steve Durbin's recent Forbes article presents a strong foundation for security teams.
10 Cognitive Biases that can Derail Cybersecurity Programs
Read Steve Durbin's latest article highlighting the impact of the unconscious mind upon cybersecurity vulnerabilities.
Security Think Tank: Reframing CISO-boardroom relations
Read Emma Bickerstaffe's latest article for Computer Weekly as she offers CISO's food-for-thought following the pandemic.
Zero Trust: Five Misconceptions Every Business Should Avoid
Cybercrime is a major threat to every industry and organization in the world. No wonder global entities are desperately seeking a silver bullet that can somehow neutralize cybersecurity threats.
Why Does Ransomware Still Work?
Paul Watts, distinguished analyst, contributes to how ransomware has managed to retain its high profile in cybercrime for Computer Weekly.
Zero Trust: An Answer to the Ransomware Menace?
By Steve Durbin, Chief Executive of the ISF. Zero trust isn't a silver bullet, but…
An Effective Supply Chain Starts With Security
For more advanced, sophisticated supply chains, it’s about continually going back over it to increase…
What are the risks associated with personal, unsanctioned apps on corporate devices and why?
From a security perspective, what are the personal apps/app types that you think CISOs should…
Adapting InfoSec for Container Security
Containerization has effectively become the new normal for expediting app delivery and improvements; security concerns…
A return to the office is not a return to normal
Perhaps the biggest change that CISOs need to accept is that hybrid working is how…
Top 5 cybersecurity challenges in the hybrid office
The pandemic has caused a tectonic shift in how we live and work. Many companies…
How Cyber Security Criminals Exploit the 'Accidental Insider'
In the first of his regular new information security columns for Security Middle East, Daniel…
The new reality of a world online
Interview with Steve Durbin, Chief Executive of the ISF and The European The combination of…
How To Develop A Human-Centered Security Program
While many organizations have a security awareness training program in place, few trigger real behavior change or...
Technology Is Just A Tool: Why People Are The Heart Of Everything We Do In Business
The idea that technology can solve all our problems is seductive. It seems like every product vendor claims to...
Eight Cyber Challenges In An Uncertain World
With the pandemic precipitating a health crisis that continues to threaten the global economy and the real possibility of a...
Six Ways A Good Leader Can Become A Great Leader
Many people can become good leaders. After all, you can learn how to communicate and how to be a better listener; you can...
Cybercrime to Scale New Heights in 2021: What Can You do About it?
By Steve Durbin, Chief Executive of the ISF With the pandemic precipitating a rapid acceleration…
Five Threat Vectors Destined To Make Waves In 2021
By Steve Durbin, CEO of the Information Security Forum, and Forbes Business Council Member Building…
New Year’s Resolutions for the Board in 2021
By Steve Durbin, CEO of the ISF Maturing your organization’s ability to detect intrusions quickly…
Cybersecurity Must Be the Top Priority for the Board in 2021
By Steve Durbin, CEO of the ISF Leading the enterprise to a position of readiness,…
10 Benefits of Running Cybersecurity Exercises
By Steve Durbin, Managing Director of the ISF. There may be no better way to…
2020 Work-for-Home Shift: What We Learned
One area that organizations need to deal with is the rise of the insider threat,…
Cybersecurity in 2021: 5 Trends Security Pros Need to Know
The insider threat is one of the greatest drivers of security risks that organizations face…
ISF Proposal for “Human-Centered Security” Focuses Security Awareness on People’s Interactions With Technology
How can security keep pace with a cyber threat landscape that rapidly becomes more sophisticated…
Top Global Security Threats Organizations Will Face in 2021
Attackers will continue to be presented with the tools and opportunities to target and exploit…
Eight Steps To Building A Human-Centered Security Culture
By Steve Durbin, Managing Director, Information Security Forum, and Forbes Business Council Member Ransomware, phishing,…
New Information Security Forum Research Explores Human-Centered Security
Technology and processes should complement behavior, not add friction and impede productivity... Steve Durbin, Managing…
Changing Employee Security Behavior Takes More Than Simple Awareness
A human-centered security program helps organizations to understand their people and carefully craft initiatives that…
Why Security Awareness Training Should Be Backed by Security by Design
As a starting point, an individual will always choose to be productive in their current…
Information Security Forum Research Dives Into the Need for Human-Centered Security
A typical strategy should aim to reduce the number of security incidents and improve the…
Human-Centred Approach is Key to Better Security
Errors and acts of negligence can cause significant financial and reputational damage to an organization,…
Organizations Should Use Psychology to Promote Secure Behavior Among Staff
Errors and acts of negligence can cause significant financial and reputational damage to an organization...…
Cybersecurity Workforce Study Needs to be Taken with a Pinch of Salt
Apprenticeships, on the job learning, backed up with support training packages are the way to…
Skills Shortage Rains on Cloud Advances
Cross training within an organization is a good method of closing the skills gap by…
What Skills Will Cybersecurity Leaders Want in 2021?
All infosec teams have been under huge pressure lately and good CISOs acknowledge that and…
Six core characteristics that next-generation CISO’s exhibit
Being a next-generation CISO is an extremely rewarding position that allows an individual to become…
Insider vs. Outsider Data Security Threats: What’s the Greater Risk?
As data breaches increase, many will be the result of Insider threats. In fact, the…
Georgia Election Data Hit in Ransomware Attack
Typically, the success of ransomware is reliant on whether or not the target organization has…
What does it take to be a next generation CISO?
Becoming a next-generation CISO requires an individual to embrace and master new skills and disciplines,…
Cybersecurity Skills Gap Worsens, Fueled by Lack of Career Development
“Increasingly, lockdown has driven us all online and the training industry has been somewhat slow…
Remote work: 6 common misunderstandings about online security threats
VPN, cloud, and phishing misunderstandings show up in myths about security and remote work. Security…
The Impact of Coronavirus on the Threat Landscape
How has the coronavirus impacted the outlook on security over the next few years? The…
Risk Management, Insider Threats and Security Leaders in the Age of COVID-19
An insider threat is a security risk that originates from within an organization. According to…
When All Behavior Is Abnormal, How Do We Detect Anomalies?
Identifying normal behavior baselines is essential to behavior-based authentication. However, with COVID-19 upending all aspects…
If Remote Working is the New Norm, How Do We Do it Securely?
“My biggest concern is when remote workers enter phase three since it is unlikely that…
FBI: COVID-19-Themed Business Email Compromise Scams Surge
"Criminals have become more sophisticated by considering the psychological aspects of an attack," says Mark…
Nearly 10 Million People Filed for Unemployment in the US: What Does It Mean for the Cybersecurity and IT Workforce?
The number of new people claiming unemployment benefits totaled a staggering 6.648 million last week…
The Long-Term Impact of #COVID19 on the Cybersecurity Industry
“Remote working and remote business interactions will identify new opportunities, new ways of working that…
The Short-Term Impact of #COVID19 on the Cybersecurity Industry
As we work remotely and isolate ourselves from friends and colleagues as best we can,…
Keys to Hiring Cybersecurity Pros When Certification Can't Help
There just aren't enough certified cybersecurity pros to go around -- and there likely never…
Use the human-centered approach for smarter security and compliance teams
By Steve Durbin, Managing Director of the Information Security Forum. As the cyberthreat landscape becomes…
Insider Threats: How Co-Workers Became a Bigger Security Headache
One of the biggest security threats to your team might be the person working right…
Security Think-Tank: Tackle insider threats to achieve data-centric security
The belief that effective perimeter security is the best way to protect data is a…
Maximise your defence with people power
Humans are often referred to as the “weakest link” in information security. However, organisations have…