Leadership Triad, Awesome CISO Tips, & CISO Demands – BSW #242

The business system is a triad of command, leadership, and management: - The functions and responsibilities of the command are reduced to determining the direction. - Management implies understanding goals, providing the means sufficient to follow in a given direction, organizing processes to ensure effective operations. - Leadership is a moral and emotional activity.

According to this misguided article, “Know more about colleges, jobs, and courses to become a CISO”, apparently qualifications for a Chief Information Security Officer (CISO) requires: - “Understanding of SMTP, DNS, HTTP, Network routing, VPN, and other technologies” - “Understanding of Digital Millennium Copyright Act, trademark, intellectual property, Safe Harbor Provisions, GDPR, and other federal and international legal precedents…” - “Ability to read and analyze multiple log formats”

5 Tips to be an awesome CISO: 1. Make everything about risk appetite. 2. Your traffic light should always remain a steady amber. 3. Ingest all the logs, put something to capture data on every endpoint, every router, switch, and firewall. Ingest it into one on-prem SIEM from where you can send data to your cloud-based SIEM, and a smaller subset to your expensive SIEM that charges you per MB. 4. Go to conferences and talk about all the amazing things you’re doing, big yourself up because your next employer could be sitting in the audience. 5. Of course the 5 year plan will likely get to 7 years before being scrapped as being a pipe dream.

Two in five Chief Information Security Officers (CISOs) have missed holidays like Thanksgiving due to work demands, a Tessian report reveals. In addition, one-quarter have not taken time off work in the past 12 months.

To build out an entirely new cybersecurity program that addresses IT and OT cyber environments independently, CISOs must educate and garner buy-in from their board of directors. CISOs should begin their discussions with their boards by educating the members on common myths about cybersecurity versus the realities. They should be prepared to explain: - IT Cybersecurity Solutions Do Not Work in OT Environments - Compliant Does Not Equal Secure - Stopping One Attack Does Not Prevent the Next

If you have no choice but to pay attackers to get critical data back, these best practices could put you in the best possible position to recover from a ransomware attack. 4 preparation steps to take before a ransomware attack: 1. Teach their employees not to open ransom notes and click on the link inside it. This often starts a countdown to when payment is required. Not opening the note buys time to ascertain which parts of the infrastructure are hit, what consequences the attack has, and the likely costs involved 2. Establish their negotiation goals, taking into consideration backups and best- and worst-case payment scenarios 3. Set out clear internal and external communication lines involving crisis management teams, the board, legal counsel, and the communications department 4. Inform yourself about the attacker to learn their tactics and see if a decryption key is available 5 approaches to ransomware negotiation: 1. Be respectful in conversations and using professional language, leaving emotions outside of the negotiations. 2. Victims should be willing to ask attackers for more time, which can allow them to explore all possibilities for recovery. One strategy is to explain that you need the extra time to raise the required cryptocurrency funds. 3. Instead of stalling for time, organizations can offer to pay a small amount early instead of a larger amount further down the road, with adversaries known to accept heavy discounts in favor of making a quick profit and moving onto another target. 4. One of the most effective strategies is to convince the attacker that you are not in the financial position to pay the amount initially requested, and this can even prove effective for very large organizations that adversaries know have huge amounts of money at their disposal. The research pointed out that there is a difference between having a certain amount of revenue and having millions of dollars in cryptocurrency laying around just for the occasion 5. Avoid telling the adversary it has a cyber insurance policy in place. They should not save cyber insurance documents on any reachable servers. The presence of cyber insurance can make attackers less likely to be flexible with negotiations as most policies cover the costs