To ensure effective cybersecurity risk management, follow this checklist:
1. Understand the organization’s security landscape
2. Identify the gaps
3. Create a team
4. Assign responsibilities
5. Train and upskill employees
6. Implement cyber awareness across departments
7. Implement a risk management framework
8. Develop risk assessment programs
9. Create and maintain a sound incident response and business continuity plan
However, don't take all the advice from their next blog post, THE NEXT CYBERSECURITY RISK MANAGEMENT MODEL POST THE COVID-19 CRISIS, https://blog.eccouncil.org/the-next-cybersecurity-risk-management-model-post-the-covid-19-crisis/.
Below are eight steps organizations can implement to heighten cybersecurity governance:
1. Recognize that the worst-case scenario has escalated
2. Empower the CISO to directly report to the CEO
3. Conduct reviews of internal cybersecurity policy
4. Confirm your processes and controls are bulletproof
5. Stay up to date on regulations
6. Allocate at least 10 percent of your IT budget to cybersecurity
7. Develop and regularly update a comprehensive incident response strategy
8. Communicate with customers and suppliers
Framing the cyber risk conversation in ways that resonate with the board will help close the chasm between cyber risk and enterprise objectives. Here are three tips for communicating cyber risk to the board.
1. Understand the board's responsibility
2. Present data in a familiar format
3. Know your benchmarks
When communicating with the C-suite or shareholders, CISOs have to speak equal parts security and bottom line. Security experts can derive business value from risk- and threat-based analysis by applying the "three P's": prediction, prevention and proaction. In doing so, security leaders are able to unpack a business risk for their C-suite and board.
Here are two ways CISOs can cut to the chase:
1. In a quarterly report, reserve a single slide that presents, as a graphic, the business risks accumulated during that period.
2. Choose relevant information to share, not the full cyber threat intelligence report.
Here are 12 common traits that security leaders say will keep you from advancing your cybersecurity career – and how you can avoid such a fate:
1. Believing security is the end goal
2. Getting stuck
3. Acting like the smartest one in the room
4. Being too timid
5. Losing your cool
6. Talking tech
7. Sticking to yourself
8. Failing to build other skills
9. Staying still
10. Staying in security
11. Mistaking vulnerabilities for risks
12. Being tactical, but not strategic
What will the future bring with respect to AI and LLMs? Josh has spent some time thinking about this and brings us some great resources. We'll discuss how to get students involved with AI in a safe and ethical manner. How can we use AI to teach people about cybersecurity? What tools are available and where do they fit into our educational systems t...
Reaching the level of CISO in a large corporation requires time and determined application as well as aptitude and very specific professional and personal attributes. It's the role against which many security professionals set their career sights without really knowing what they'll be getting themselves into.
Fitzgerald, T. 2019. Chapter 14. CISO ...
In the leadership and communications section, Clorox Scapegoats Cyber Chief, Rewards Board After Crisis, The SEC To CISOs: Welcome To The Big Leagues, SolarWinds: SEC lacks 'competence' to regulate cybersecurity, and more!