Office of the CISO, The Fearless CISO, and America’s Cyber Reckoning – BSW #244
In the leadership and communications section, The Office of the CISO: A Framework for the CISO, America’s Cyber-Reckoning, How to Include Cybersecurity Training in Employee Onboarding, and more!
Join us June 29th for a webcast with Tyler Robinson and Beau Bullock to learn how to pivot into the world of Crypto security. Visit https://securityweekly.com/webcasts to register with only your name and email! Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
- 1. C-suite’s biggest ransomware fear: Post-attack regulatory sanctions - C-suite executives and business leaders are most concerned about being exposed to regulatory sanctions, such as fines, over and above the loss of data or intellectual property (IP) and other consequences, in the wake of a ransomware attack, according to new data from cyber pro association (ISC)².
- 2. The Office of the CISO: A Framework for the CISO - The Office of the CISO framework integrates the (increasingly expected) elements of ‘executive’ in the context of the CISO function. CISOs are more impactful, and their programs more effective, when they deliver at a higher caliber of ‘executive.’ The 3 Pillars of the Office of the CISO:
  1. Strategy, Governance & Oversight
  2. Talking & Partnering
  3. Operations
- 3. The Fearless CISO: 4 Ways to Secure Everything - What happens when security leaders have a comprehensive security approach based on Zero Trust principles? They can be fearless, armed with the ability to secure everything without any limits. Let’s take a look at four ways that we have seen organizations manage a comprehensive security approach:
  1. Commit to a Zero Trust Strategy
  2. Manage Compliance, Risk, and Privacy
  3. Use a Combination of XDR + SIEM Tools
  4. Use MFA Whenever and Wherever Possible
- 4. America’s Cyber-Reckoning - To do better, the United States must focus on the most pernicious threats of all: cyberattacks aimed at weakening societal trust, the underpinnings of democracy, and the functioning of a globalized economy. The Biden administration seems to recognize the need for a new approach. But to make significant progress, it will need to reform the country’s cyber strategy, starting with its most fundamental aspect: the way Washington understands the problem.
- 5. Security priorities for 2022: Advancement, not revolution - Security leaders say their priorities reflect security needs due to recent shifts in their organization’s IT and business environments, a changing threat landscape, and emerging risks.
  - Cloud data protection technologies top the priority list, with 87% of CISOs either studying, piloting, using or upgrading their use of them. In a related finding, 88% of CISOs are prioritizing cloud-based cybersecurity services.
  - Data access governance technologies also top the CISO priorities list, as does zero trust, with 84% indicating that zero trust is a priority for them.
  - Behavior monitoring and analysis is another big priority, with 82% saying they’re studying, piloting, using, or upgrading their use of it.
  - CISOs also indicated high interest in or use of security orchestration, automation and response (SOAR) technologies, with 77% of CISOs either studying, piloting, using or upgrading their use.
- 6. How to Include Cybersecurity Training in Employee Onboarding - Approach cybersecurity training in a structured way. Think of it as a cybersecurity checklist for new employees:
  - Set Employee Cybersecurity Expectations
  - Cybersecurity Awareness Training for New Employees
  - Easy Security Threat Reporting
  - Cybersecurity Training Advocates
  - Manage User Privilege Access
  - Protecting Passwords and Other Login Credentials
  - Require Lock Screen Passcodes for Unattended Devices
  - Require a VPN for Remote Work
  - Cybersecurity Training Should Include Managing Allowed Apps
  - Set BYOD Guidelines
  - Include Company Device Use Policies in Employee Onboarding
  - Device Monitoring
  - Ongoing Cybersecurity Training