CISO Wishes and Initiatives, Risk of Disconnect, and Cyber Insurance Rises – BSW #223

Ensuring the CISO's voice is heard by the board will make security top of mind for the business, its employees, and their customers. But the role of the CISO is as diverse as it is dynamic, varying massively depending on the organization, and is a role that's constantly in flux. Here are three things that every CISO wishes you knew: 1. The CISO's Role Is Changing Before Our Eyes 2. CISOs Are Capable of Helping Other Areas of Business Function 3. Questions of Ethics and Technology Are More Important Than Ever

Here are the top goals for 2021, based on the lessons we have learned from 2020: 1. Security Operations Center (SOC) Automation 2. Remote Workforce Monitoring 3. Access Analytics and Risk-Based Access Controls 4. Detecting and Preventing Insider Threats 5. Cloud Transformation 6. Extended Detection and Response (XDR)

Companies need their CIO and CISO working together to reach their strategic goals. Strain in the relationship is a recipe for breaches.

Relatively new and somewhat controversial, the business information security officer, or BISO, acts as the CISO's tactical and operations-level ambassador to the business units. Here are some of the responsibilities of this role: 1. raise the cybersecurity program's profile within the organization; 2. increase delivery of cybersecurity services internally; 3. connect with business units, learn their needs and offer them technical and operational support; and 4. organize and execute cybersecurity service delivery.

With a red-hot job market and great career prospects, more and more people want to know what they have to do to get a cybersecurity job — or better yet a career.

The goal is to enable stronger security practices for government-purchased software mandated by President Biden's cybersecurity executive order. NIST has determined that "EO-critical software is defined as any software that has, or has direct software dependencies upon, one or more components with at least one of these attributes:" - Is designed to run with elevated privilege or manage privileges - Has direct or privileged access to networking or computing resources - Is designed to control access to data or operational technology - Performs a function critical to trust - Operates outside of normal trust boundaries with privileged access Later phases of the EO's implementation may also include other categories of software, including: - Software that controls access to data - Cloud-based and hybrid software - Software development tools such as code repository systems, development tools, testing software, integration software, packaging software, and deployment software - Software components in boot-level firmware - Software components in operational technology (OT)

The frequency and severity of ransomware attacks is a leading factor behind a substantial increase in the cost of obtaining cyber security insurance.