7 Questions, 7 Mistakes, and a CISO Checklist – BSW #253
Full episode and show notes
In the Leadership and Communications section, 7 Pressing Cybersecurity Questions Boards Need to Ask, 7 mistakes CISOs make when presenting to the board (Let's see if those align), CISO Checklist for Offboarding Security Staff, and more!
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
VP, Product at Living Security
- 1. 7 Pressing Cybersecurity Questions Boards Need to Ask
  Boards have a unique role in helping their organizations manage cybersecurity threats. They do not have day-to-day management responsibility, but they do have oversight and fiduciary responsibility. Don’t leave any questions about critical vulnerabilities for tomorrow. Asking the smart questions at your next board meeting might just prevent a breach from becoming a total disaster. In this article we offer 7 questions to ask to make sure your board understands how cybersecurity is being managed by your organization. Simply asking these questions will also raise awareness of the importance of cybersecurity, and the need to prioritize action.
- 2. 7 mistakes CISOs make when presenting to the board
  Talking to the board about cybersecurity in a way that is productive can be a significant challenge, and failing to do so effectively can result in confusion, disillusionment, and a lack of cohesion among directors, the security function, and the rest of the organization. Here are some common mistakes that CISOs make when speaking to the board:
  1. Using over-technical security language
  2. Focusing on the wrong threat impacts
  3. Relying on out-of-box cyber risk reporting
  4. Failing to prepare for potential questions
  5. Oversharing and security scaremongering
  6. Presenting cybersecurity as a cost center
  7. Not investing in relationships outside the boardroom
- 3. Time to Deal with Cyber Security Strategically, and from the Top Down
  This is no longer just about tech — if it ever was. This is about protecting the business against cyber-attacks, which have now become a matter of “when, not if”. This is no longer something you can push down in the organisation. If the board does not see the need — or does not feel qualified — to step in, nothing will ever change for good around cyber security, because it has simply become too complex and too transversal in large organisations. Bottom-up approaches will continue to pour cash down the drain, and CISOs will continue to leave every other year out of frustration. And breaches will continue to happen.
- 4. How to Create a Cybersecurity Disaster Recovery Plan – ReadWrite
  Your recovery plan will detail the steps your organization needs to take to stop losses, end the threat, and move on without jeopardizing the future of the business. These are some of the biggest goals you’ll need to achieve with any plan you develop:
  1. Business continuity
  2. Data protection
  3. Loss minimization
  4. Communication
  5. Restoration
  6. Improvements
- 5. CISO Checklist for Offboarding Security Staff
  This article assumes that you have already taken the routine measures. If you haven't, fix the basics first. We'll focus only on the extra steps necessary to offboard security staff, based on the advice of many CISOs and other security professionals:
  1. Time the Parting Well
  2. Prepare for the Great Boomerang
  3. Enlist Help from Your Security Team
  4. Do the Insider Threat Checks
  5. Do a Last-Day Audit
  6. Check the Silos
  7. Notify Other Affected Parties
  8. Kill the BYOD Network Permissions and Wipe Devices
  9. Disable/Deny Physical Access Permissions
  10. Transfer Data Ownership
  11. Check All Codes
  12. Shut the Backdoor
  13. Secure Security Systems
  14. Find and Save Configurations
  15. Check Incident and Log Data
  16. Look Again
- 6. Importance of soft skills in Technology
  Let’s look at some examples that illustrate the value of soft skills:
  1. Career growth and promotion
  2. Adapting to the modern workplace
  3. Improved customer service
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element