The Library


Technology has transformed our world and will continue to do so. As we move more of our lives, business operations, and critical infrastructure into the digital arena, cyberattacks become more successful and damaging.

Securing the trust in our digital networks is fundamental to protecting our way of life in this digital age. In order for companies to thrive in today’s global economy, they need to deliver their services along with security; however, this can only happen once leaders see cybersecurity and risk management as an extension of their business operations and growth.

For this reason, Palo Alto Networks, in conjunction with NYSE and thought leaders from the U.S. from the public and private sector, have come together to write Navigating the Digital Age: The Definitive Cybersecurity Guide for Directors and Officers. Intended as both a how-to guide and an anthology, this book includes advice and cybersecurity best practices from CEOs, CISOs, lawyers, consultants and former government officials.

With the success of the original U.S guide, Palo Alto Networks has continued this mission globally, partnering with publishers and thought leaders from around the globe to write regional editions in France, United Kingdom, Australia, Singapore, Japan, Germany and Benelux.

Wherever on the globe, this conversation must be a continuous and interactive one so that all business-minded leaders, regardless of industry or background, have the proper tools and guidance they need to effectively navigate cyber risk in the digital age. Download your local guide.

EU Legislation: What Does it Mean for Your Cyber Strategy?

There has significant media coverage on the Network Information Security Directive and the revision to the General Data Protection Regulation, in this session we will cover the realities. When do they come into effect, what are the key aspected you should be aware of and more critically how will they impact your cyber security strategies. This session will give you a practical insight to ensure your cyber strategy is aligned with the new legislation.

Notification of the Requirements of the EU NIS Directive & GDPR

Doing business in the European Union is changing. By May 2018, companies must comply with the new General Data Protection Regulation’s (GDPR) data breach notification requirements and the Network and Information Security (NIS) Directive’s security incident notification requirements.

Notification requirements make it imperative to prevent incidents before they happen. To help you prepare for these new requirements, Palo Alto Networks hosted a webinar with cybersecurity and data privacy lawyers from Orrick Herrington & Sutcliffe to discuss:

· What are the requirements and the deadlines under each law?
· What are the thresholds for notification, and who needs to be notified?
· How should companies prepare for their oncoming obligations? What strategies should be in place? What have other international companies done to prepare and communicate?
· What might be the legal consequences of non-compliance?

Unity of Opposites in Cyber Sovereignty as per Three-Perspective Theory

Sovereignty as it applies to cyberspace- a paper by Major General Hao Ye Li, once of the Chinese Peoples’ Liberation Army, now retired and serving as an advisor to the China Institute for Strategic Studies.

The paper carries an introduction by John A. Davis, Major General, U.S. Army (Retired), and Vice President, Chief Security Officer (Federal), at Palo Alto Networks.

Download to read more about this new view of cyberspace from three perspectives: the nation, the citizens, and the international community.

Avoiding the Bullseye: Cybersecurity Lessons from the Target Litigation

Retail has been particularly hard hit by cybersecurity breaches because of the wealth of Personal Identity Information (PII) collected and, unfortunately retained, by the retailers. The 2013 massive compromise of retail giant Target’s systems has been litigated in the courts and subject to an extensive Multi-State Attorney-General Task Force action that has produced record payouts to plaintiffs.

The purpose of this paper is to use the Target litigation as a backdrop of the cybersecurity measures a business must have in place if it is to protect adequately the PII of its lifeblood — the customers.

Public Cloud Security: Three Questions to Ask Your CIO

As more and more executives are realizing, the public cloud offers unparalleled agility benefits, allowing companies to go from idea to implementation dramatically faster than ever. Agility, digital modernization and instant scalability are often the primary engines for public cloud adoption growth. Not surprisingly, the decision to adopt public cloud services for many business initiatives is no longer the sole purview of the CIO. In fact, research from IDC indicates that 41 percent of CEOs are major decision-makers in the determination to adopt public cloud, with a nod to the growing role board members now play in that decision.

This paper outlines the three main questions CEOs and board members should be asking their CIO about public cloud security.

Securely Enabling Cloud Adoption

By highlighting some key questions to ask and rules to follow when articulating a cloud strategy, this paper will help organizations take advantage of the cloud with the confidence that they’re not leaving themselves exposed to new cyber security risks.

Cloud Adoption: Security and Risk Considerations

As with any business enabling technology, public cloud adoption poses risks. Senior leaders should understand and manage those risks in a way that is in line with the organization’s risk appetite while taking into account the regulatory and competitive factors applicable to the organization and its industry.

The Next Board Problem: Automatic Enterprise Security Orchestration — a Radical Change in Direction

Commercial boards and senior government officials may be the only groups capable of kick-starting a new direction in the evolution of cybersecurity. In order to understand why this is a board issue, it is important to understand why commercial industry and government operations are at this critical intersection between best practices and new ideas.

This paper describes Defense-in-Depth and why it is a failed model, it describes how network defenders adopted the Cyber Kill Chain model as a replacement but have not implemented it well, and also describes a much better way to implement the Cyber Kill Chain model, with a security platform.

EU Cybersecurity-Related Legislation: Why Companies Should Care

Two new pieces of legislation entering into force in the European Union – the Network and Information Security Directive and the General Data Protection Regulation – have the potential to impact how any company that does business in Europe manages its cybersecurity risks. To learn more about these pieces of legislation, their implications, and for advice related to preparing your company to respond to them, download the Executive Advisory Report: European Union Cybersecurity-Related Legislation.

Reducing the Business Risks of Cyberthreats: Make Smart Investments in Next-Generation Security

Your organization’s approach to cybersecurity can either securely enable your business to innovate and make use of transformational technologies, like the cloud, or it can introduce unnecessary risk and complexity. Making the proper investments in cybersecurity can help companies protect the resiliency and integrity of their business operations.