Risk Management Approach, Automation, & the Problem With Cyber Insurance – BSW #212
In the Leadership and Communications section, Developing a Risk Management Approach to Cybersecurity, How Automation Can Protect Against Data Breaches, The Problem with Cyber Insurance: Outdated Incentives, and more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Hosts
Matt Alderman
Chief Product Officer at CyberSaint
- 1. What is a CISO? Responsibilities and requirements for this vital roleCISO responsibilities break down into the following categories: 1. Security operations 2. Cyberrisk and cyber intelligence 3. Data loss and fraud prevention 4. Security architecture 5. Identity and access management 6. Program management 7. Investigations and forensics 8. Governance
- 2. Developing a Risk Management Approach to Cybersecurity – Security BoulevardCISOs have an opportunity to reorient their cybersecurity programs away from a focus on compliance, toward a focus on risk. Here's how: Start With Objectives and Risks - Yes, compliance will always be one of those objectives, but consider some of the other objectives the organization has: 1. Financial 2. Growth 3. Personnel Tie Together Risk, Security, and IT Governance - The capabilities that are important for IT governance today are more along the lines of: 1. Data security and data mapping 2. Your ability to monitor network activity 3. Provisioning and de-provisioning user access 4. Security assessments for vendors This approach leads to Better Reporting to the Board.
- 3. How Automation Can Protect Against Data BreachesAutomating security allows vital data, such as the location of suspicious login attempts, to be tracked without the need for a costly and time-consuming campaign.
- 4. The Guide to Presenting Information Security’s Business Value – Security BoulevardWith the ever-changing landscape of cyber risk, how can security teams demonstrate the business value of security programs? How can CISO’s underline the importance of correct procedures that need to be followed company-wide? 1. Benefits of Cybersecurity Investments Must be Framed Around Enterprise Goals 2. Define and determine risk posture 3. Drive home the value proposition added and control the narrative
- 5. The Problem with Cyber Insurance: Outdated IncentivesInstead of solving your cybersecurity problems, cyber insurance companies capitalize on your amortized cost given the probability of a breach. It’s economically viable because data breaches have been relatively cheap. Here's the limitations of cyber insurance: 1. Cyber Insurance Won’t Save your Reputation 2. Cyber Insurance Won’t Save your Data 3. Cyber Insurance may not be a Sustainable Industry
- 6. Research: A Little Recognition Can Provide a Big Morale BoostAs organizations large and small face the twin challenges of increasingly strained budgets and burned out workforces, what can managers do to keep employees engaged — without breaking the bank? In this piece, the authors share new research on the power of symbolic awards such as thank you notes, public recognition, and certificates. They find that these simple interventions can significantly improve employee motivation, but clarify that to maximize their effect, it’s essential to customize these rewards to your unique context. Specifically, the authors draw on prior research to highlight five key considerations for managers looking to implement symbolic awards: the most impactful messenger, the best timing, whether to make it private or public, attention to detail, and the importance of starting small. While these interventions are no substitute for fair monetary compensation, especially when cash is limited, symbolic awards can go a long way to demonstrate your appreciation for your employees and keep spirits high.
