20 Leaders Who Built the CISO Era: 2 Decades of Change
As part of Dark Reading's 20th anniversary special coverage, we profile the CISOs, founders, researchers, criminals, and policymakers who rewrote the enterprise risk playbook.
Playbooks provide repeatable steps for detecting, responding to, and recovering from cybersecurity incidents, helping teams coordinate actions under pressure.
Search across headline titles and summaries.
Background for this topic.
A security playbook is a documented sequence of decisions and actions for handling a defined situation, such as suspected credential theft, malware, or exploitation of a known vulnerability. It typically identifies triggers, investigation steps, evidence to collect, containment and recovery actions, owners, escalation points, and communications. Playbooks may guide analysts manually or drive partially automated workflows; they are broader decision guides than narrowly scripted task lists.
Playbooks make response more repeatable and reduce hesitation during time-sensitive investigations, but their value depends on accurate assumptions and regular testing. They should reflect current technology, contact paths, detection data, and legal or privacy constraints, and should state when automation must stop for human approval. Security teams commonly update them using lessons from incidents, exercises, and threat intelligence—for example, revising a phishing playbook when attackers change credential-harvesting techniques. Stale steps, excessive permissions, or unsafe containment actions can delay recovery or disrupt legitimate systems.
Weekly headline count for the current query.
As part of Dark Reading's 20th anniversary special coverage, we profile the CISOs, founders, researchers, criminals, and policymakers who rewrote the enterprise risk playbook.
Using Anthropic's Claude, OpenAI's ChatGPT, and a detailed playbook prompt, a handful of cyberattackers reportedly gained access to government agencies and its citizens' data.
Discover a strategic approach to govern scraping risks, balance security with business growth, and safeguard intellectual capital from automated data harvesting.
A third of the "flipped" CVEs affected network edge devices, leading one researcher to conclude, "Ransomware operators are building playbooks around your perimeter."
AI adds real value to cybersecurity today, but it cannot yet serve as a single security guardian. Here's how organizations can safely combine AI-driven analysis with deterministic rules and proven security practices.
Successful ransomware groups have three key elements in common. Spoiler alert: indicators of success don't all revolve around artificial intelligence.
You can't negotiate with hackers from a place of fear — but you can turn their urgency against them with the right playbook, people, and preparation.
By creating a safe environment for open discussion, prioritizing human context alongside technical data, and involving diverse stakeholders, organizations can turn security incidents into accelerators of resilience.
In a market where security budgets flatten while threats accelerate, improving analyst throughput is fiscal stewardship.
The Texas municipality is following its incident response playbook as it works with a third-party to investigate the scope and scale of the attack.
The Joint Cyber Defense Collaborative playbook seeks to establish a "a unified approach" on how to handle AI-related cybersecurity threats.
The playbooks that accompany your incident response plan provide efficiency and consistency in responses, help reduce downtime and dwell time, and can be a cost-saving and reputational-saving measure for your organization.
"See one, teach one, do one" takes a page out of the healthcare playbook to reduce human vulnerabilities where they matter most in cybersecurity.
The manual provides guidance on how to improve the resiliency of critical infrastructure.
Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: Proactive playbooks, a US-Kenya partnership, and the trouble with shadow engineering.
It's more important than ever for organizations to prepare themselves and their cybersecurity postures against known and unknown threats.
The China-backed APT that's been trying to set itself up inside US critical infrastructure for the purpose of disrupting physical processes is deploying a similar playbook in Africa.
Iran has taken a page from the Russian playbook: Passing off military groups as civilians for the sake of PR and plausible deniability.
Organizations must balance the risk and reward of new cyber-asset management technologies.
How can you safeguard your organization amid global conflict and uncertainty?