
Leadership Articles – Business Security Weekly #138

July 30, 2019



In the Leadership and Communications segment, Leading with Trust, Portrait of a CISO, roles and responsibilities, Cybersecurity Risk: What does a "reasonable" posture entail and who says so?, and more!

Leadership Articles

  • Leading with Trust - in 2018, more CEOs were fired for ethical lapses than for poor financials or over battles with their board. People evaluate a leader’s trustworthiness on the same dimensions they evaluate a company’s. The more of these dimensions a leader has established trust in, the more power he or she has:
    • Legitimacy
    • Competence
    • Motive
    • Means
    • Impact
  • Portrait of a CISO: Roles and responsibilities - Success in the role of CISO requires security experts to wear many hats. Couple that with changes in compliance regulations and sophisticated cyberthreats, and CISOs are left with a full plate. Here are three informative areas that shed light on the importance of the CISO role, the regulatory guidelines CISOs enforce and the skills necessary to be successful in the position:
    • Evolution of threats expands CISO roles and responsibilities
    • New regulation policies affect CISO compliance oversight
    • CISOs must demonstrate quality communication skills
  • 8 Skills All Leadership Trainings Should Teach Managers - Leadership training is crucial for any management role. Whether you have a large team or just got your first hire, leadership training can help you be the best possible leader. Here are the most important leadership skills you need from any leadership training:
    • Learning Core Leadership Practices
    • Identify Your Leadership Style
    • How to Delegate
    • Motivating a Team
    • Make Good Decisions
    • Managing Conflict
    • Performance Management
    • Digital Leadership Skills
  • What Boards Can Do to Prepare for Crises - According to recent research by the National Association of Corporate Directors, almost half of respondents reported that their focus on known risks was a barrier to understanding and preparing for threats that are hard – or impossible – to predict. Furthermore, fewer than 20 percent of respondents felt confident that management could handle such risks. To help prepare corporate boards, let's translate the COBRA model to the corporate setting:
    • The UK, and other Commonwealth countries, use a Strategic, Tactical, Operational (STO) management structure to manage incidents. Each incident response is allocated one Strategic Commander on the team, one Tactical Commander, and as many Operational Commanders (geographic or thematic) as necessary to fulfill responsibilities. Thus, the strategic members function as the senior management of the response.
    • On the political side are senior elected officials and policy makers, often referred to as the COBRA group.
    • A designated senior, non-elected civil servant on each side in a formal liaison role serves to foster an orderly flow of information between the two.
      • This structure enables political leaders to have input into the handling of the operation while ensuring that they do not try to run it.
      • Conversely, the strategic team members receive valuable information about the political ramifications of their decisions while remaining able to maintain an essential “battle rhythm” to keep pace with unfolding events.
  • Cybersecurity Risk: What does a 'reasonable' posture entail and who says so? - Without an exact definition of what "reasonable" security practices entail, a simpler approach is to evaluate what constitutes a lack of reasonable security. This approach makes it easier for an organization to map data security protection efforts (including privacy and resources) to a known framework.
  • A call to end 'warrant-proof' encryption, but where does privacy protection fit in? - The encryption battle re-emerges:
    • Deploying encryption practices where the end user is the only one with decryption capabilities is preventing law enforcement from pursuing "communications in transit" and data. "Even with a warrant based on probable cause," encryption is thwarting investigations.
    • Because modern crimes carry heavy digital evidence, "warrant-proof" encryption is a threat to public safety. Encryption is "extinguishing" law enforcement's ability to access and trace evidence in investigations.
    • An individual's "zone of privacy" — person, house, papers and effects — is protected from "unreasonable" investigation. But the zone of privacy is only possible because the public has a right of access when public safety is in question. Encryption prohibits that right of access, morphing devices into "law-free zones."

Full Show Notes

Visit for all the latest episodes!


Jason Albuquerque - CISO, Carousel Industries.
Paul Asadorian - CTO, Security Weekly.
Matt Alderman - CEO, Security Weekly.
