information security

May 21, 2018

SECURITY

The Importance of an Information Security Strategy in Mergers and Acquisitions

Organizations that engage in M&A should include an information security strategy as part of the process.

April 3, 2018

COLLABORATION

Cisco Spark Achieves HIPAA Compliance

Cisco Spark is now ready for use in healthcare consistent with customer needs for HIPAA, a U.S. healthcare law that establishes requirements for the use, disclosure, and safeguarding of individually identifiable health information.

May 11, 2016

GOVERNMENT

Cybersecurity for Defense: Network Segmentation

Classifying and compartmentalizing information has been around within the Department of Defense since before it was even called the Department of Defense. However, as DOD information that was once secured in vaults and safes has become digital data, many new regulations have been introduced that mandate how this data should be processed and handled. These regulations […]

October 26, 2015

SECURITY

Active Threat Analytics: Easing the Burden of Threat Management

In Greek mythology, Sisyphus was a trickster king cursed with the eternal torment of fruitless labor. As punishment for his hubris and wile, Zeus condemned this hapless figure to the unending task of pushing a boulder up a mountain. Once he reached the top, the boulder would fall back down. And he would begin again. […]

January 6, 2015

SECURITY

Responsive Security in Action

In 2013, our internal Information Security team carried out a series of controlled anti-phishing exercises. The purpose was to raise employees' awareness of potential spear phishing attacks through emails. Spear phishing has been a common first step for Advanced Persistent Threat (APT) attacks to gain access to a user's system before launching further attacks at internal targets. As such, if employees are vigilant against such attack patterns, we should effectively reduce the risk of successful APT attacks involving email phishing.

December 30, 2014

SECURITY

Getting More Responsive Security by Learning From Disaster Responses

Editor’s Note: In the two previous blogs, we discussed some of the issues and dilemmas found within information security knowledge and practice domains. Those challenges arise fundamentally from the traditional approach that many organizations have adopted to address information security requirements. In this fourth installment, we look at how good preparation can improve security outcomes, […]

December 23, 2014

SECURITY

Issues and Dilemmas in Information Security Practices

Editor’s note: In A Circular Problem in Current Information Security Principles, we highlighted one of the challenges in our knowledge domain that contributes to the ineffectiveness of today’s information security practices. In this third installment, we review the issues and dilemmas that are common in our practice environment. One of the challenges information security management teams […]

December 9, 2014

SECURITY

Understanding and Addressing the Challenges of Managing Information Security – A More Responsive Approach

Just like bad weather conditions found in nature, such as typhoons, hurricanes, or snowstorms, technology system defects and vulnerabilities are inherent characteristics found in a cyber system environment. Regardless of whether it’s a fair comparison, weather changes are part of the natural environment that we have little direct control over, whereas the cyber environment is […]

July 16, 2014

SECURITY

Unified Security Metrics Program—Live at RSA Singapore

Noted business management author Peter Drucker famously said, “What’s measured is improved.” When applied to the world of security, meaningful security metrics can literally transform an organization and solve real business problems. At Cisco, Unified Security Metrics (USM) combines multiple sources of data to create higher-value actionable business metrics and decision-making capabilities to protect the […]