Managing cybersecurity in an organization means managing risk at strategic level. While at operational level an organization might be “mature” in a way it manages information security risk (baseline security-hygiene controls are in place), at strategic level (top decision making level – strategic risk owners) it might not […]
I am honored to present information security management view on information and technology asset management at Annual Audit, Risk and Governance Africa conference organized by MISTI. My presentation slides with notes and references could be accessed here: Viktor Polic ARG Africa 2018 notes final
In November 2013 I have published an article in the CSO Journal titled “The quest for weak links in information security”. Inspired by security breach of Financial Times in May of 2013 when one of its many blog platforms was compromised to give attackers access to other internal […]
I would like to dedicate this post to my friend and colleague Dr. Eduardo Gelbstein who sadly passed away in 2015. Ed was my colleague at Webster University Geneva campus and at the United Nations for many years. We have co-authored a few articles and talks. One of […]
For organizations with fragmented security operations, for example with one unit managing operations of perimeter network security another unit managing operations of end-point security and identities and third unit managing operations of applications and databases security, coordination of these functions is critical for effective and efficient Information Security […]
On the 1st of June 2018 at Webster University in Geneva I talked about security of IoTs. From “smart fridges” that ask for privacy policy consent to “smart fish tank thermometers” that were exploited by hackers to access and exfiltrate databases from within internal corporate networks, and connected […]
Webster University undergraduate catalog description: This course will introduce the student to the field of cybersecurity and Internet architecture. The application, physical, link, network and transport layers of the protocol stack are presented. The student will study technologies, processes and practices designed to protect networks, computers, programs, and data from attacks. Cybersecurity […]
The role of a Chief Information Security Officer (CISO) is not to manage technology, although information and communication technology is in the heart of corporate digital transformation. The crown jewel is information, and the role of a CISO is to manage risk that could prevent organizations and people […]
