CISO Wishes and Initiatives, Risk of Disconnect, and Cyber Insurance Rises – BSW #223
In the Leadership and Communications section, 3 Things Every CISO Wishes You Understood, What is the BISO role and is it necessary?, Cyber insurance costs up by a third, and more!
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Our Call For Presentations Deadline has been extended through July 23rd at 11:59 pm ET! Visit securityweekly.com/unlocked to submit your presentation!
Hosts
Matt Alderman
Chief Product Officer at CyberSaint
- 1. 3 Things Every CISO Wishes You Understood
  Ensuring the CISO's voice is heard by the board will make security top of mind for the business, its employees, and their customers. But the role of the CISO is as diverse as it is dynamic, varying massively depending on the organization, and is a role that's constantly in flux. Here are three things that every CISO wishes you knew:
  1. The CISO's Role Is Changing Before Our Eyes
  2. CISOs Are Capable of Helping Other Areas of Business Function
  3. Questions of Ethics and Technology Are More Important Than Ever
- 2. Critical CISO Initiatives for the Second Half of 2021
  Here are the top goals for 2021, based on the lessons we have learned from 2020:
  1. Security Operations Center (SOC) Automation
  2. Remote Workforce Monitoring
  3. Access Analytics and Risk-Based Access Controls
  4. Detecting and Preventing Insider Threats
  5. Cloud Transformation
  6. Extended Detection and Response (XDR)
- 3. The risk of disconnect between CIOs and CISOs
  Companies need their CIO and CISO working together to reach their strategic goals. Strain in the relationship is a recipe for breaches.
- 4. What is the BISO role and is it necessary?
  Relatively new and somewhat controversial, the business information security officer, or BISO, acts as the CISO's tactical and operations-level ambassador to the business units. Here are some of the responsibilities of this role:
  1. raise the cybersecurity program's profile within the organization;
  2. increase delivery of cybersecurity services internally;
  3. connect with business units, learn their needs and offer them technical and operational support; and
  4. organize and execute cybersecurity service delivery.
- 5. What Does It Take to Be a Cybersecurity Professional?
  With a red-hot job market and great career prospects, more and more people want to know what they have to do to get a cybersecurity job, or better yet a career.
- 6. NIST defines "critical software" with a broad range of security functions
  The goal is to enable stronger security practices for government-purchased software mandated by President Biden's cybersecurity executive order. NIST has determined that "EO-critical software is defined as any software that has, or has direct software dependencies upon, one or more components with at least one of these attributes:"
  - Is designed to run with elevated privilege or manage privileges
  - Has direct or privileged access to networking or computing resources
  - Is designed to control access to data or operational technology
  - Performs a function critical to trust
  - Operates outside of normal trust boundaries with privileged access
  Later phases of the EO's implementation may also include other categories of software, including:
  - Software that controls access to data
  - Cloud-based and hybrid software
  - Software development tools such as code repository systems, development tools, testing software, integration software, packaging software, and deployment software
  - Software components in boot-level firmware
  - Software components in operational technology (OT)
- 7. Cyber insurance costs up by a third
  The frequency and severity of ransomware attacks are a leading factor behind a substantial increase in the cost of obtaining cyber security insurance.
Adrian Sanabria
Principal Researcher at The Defenders Initiative