Office of the CISO, The Fearless CISO, and America’s Cyber Reckoning – BSW #244
In the leadership and communications section, The Office of the CISO: A Framework for the CISO, America’s Cyber-Reckoning, How to Include Cybersecurity Training in Employee Onboarding, and more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Security Weekly listeners, save $100 on your RSA Conference 2022 Full Conference Pass! RSA Conference will be live in San Francisco June 6th-9th, 2022. Security Weekly will be there in full force, delivering real-time, live coverage and interviewing some of the event’s top speakers and sponsors. To register using our discount code, please visit https://securityweekly.com/rsac2022 and use the code 52UCYBER. We hope to see you there!
Hosts
Matt Alderman
Chief Product Officer at CyberSaint
- 1. C-suite’s biggest ransomware fear: Post-attack regulatory sanctions
  C-suite executives and business leaders are most concerned about exposure to regulatory sanctions, such as fines, over and above the loss of data or intellectual property (IP) and other consequences, in the wake of a ransomware attack, according to new data from the cybersecurity professional association (ISC)².
- 2. The Office of the CISO: A Framework for the CISO
  The Office of the CISO framework integrates the (increasingly expected) elements of ‘executive’ into the CISO function. CISOs are more impactful, and their programs more effective, when they deliver at a higher caliber of ‘executive.’ The 3 Pillars of the Office of the CISO:
  1. Strategy, Governance & Oversight
  2. Talking & Partnering
  3. Operations
- 3. The Fearless CISO: 4 Ways to Secure Everything
  What happens when security leaders have a comprehensive security approach based on Zero Trust principles? They can be fearless, armed with the ability to secure everything without limits. Four ways we have seen organizations manage a comprehensive security approach:
  1. Commit to a Zero Trust Strategy
  2. Manage Compliance, Risk, and Privacy
  3. Use a Combination of XDR + SIEM Tools
  4. Use MFA Whenever and Wherever Possible
- 4. America’s Cyber-Reckoning
  To do better, the United States must focus on the most pernicious threats of all: cyberattacks aimed at weakening societal trust, the underpinnings of democracy, and the functioning of a globalized economy. The Biden administration seems to recognize the need for a new approach. But to make significant progress, it will need to reform the country’s cyber strategy, starting with its most fundamental aspect: the way Washington understands the problem.
- 5. Security priorities for 2022: Advancement, not revolution
  Security leaders say their priorities reflect security needs arising from recent shifts in their organization’s IT and business environments, a changing threat landscape, and emerging risks.
  - Cloud data protection technologies top the priority list, with 87% of CISOs studying, piloting, using or upgrading their use of them. In a related finding, 88% of CISOs are prioritizing cloud-based cybersecurity services.
  - Data access governance technologies also top the CISO priorities list, as does zero trust, with 84% indicating that zero trust is a priority for them.
  - Behavior monitoring and analysis is another big priority, with 82% saying they are studying, piloting, using, or upgrading their use of it.
  - CISOs also indicated high interest in, or use of, security orchestration, automation and response (SOAR) technologies, with 77% studying, piloting, using or upgrading their use.
- 6. How to Include Cybersecurity Training in Employee Onboarding
  Approach cybersecurity training in a structured way. Think of it as a cybersecurity checklist for new employees:
  - Set Employee Cybersecurity Expectations
  - Cybersecurity Awareness Training for New Employees
  - Easy Security Threat Reporting
  - Cybersecurity Training Advocates
  - Manage User Privilege Access
  - Protecting Passwords and Other Login Credentials
  - Require Lock Screen Passcodes for Unattended Devices
  - Require a VPN for Remote Work
  - Cybersecurity Training Should Include Managing Allowed Apps
  - Set BYOD Guidelines
  - Include Company Device Use Policies in Employee Onboarding
  - Device Monitoring
  - Ongoing Cybersecurity Training