Episódios
-
Advisory Boards - helping cybersecurity companies grow is foundational to helping enterprises select best in class tools to protect their environments. If done properly, scaling cybersecurity companies can have a positive global impact on how information is protected and minimizing business disruption.
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-180
-
Many organizations are starting today down the Zero Trust path. Zero Trust is a strategy (vs an architecture) and to prove the value of this investment, we need to start thinking about metrics to demonstrate value. Join us as we discuss some of the metric directions to consider when moving our organizations towards Zero Trust.
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-179
-
Estão a faltar episódios?
-
The importance of CISO skills/metrics for the board, demonstrating the business value and necessity of good cybersecurity posture, as capabilities the CISO must master to be effective in securing the appropriate investment level. Join us as we discuss interactions with the board and leveraging metrics to show business value.
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-178
-
CISOs must prioritize the intelligent selection of cybersecurity products by considering the total cost of ownership (TCO) and whether point products or platforms are best suited. This includes the costs of deployment and operations for people, processes, and technology, as well as the ongoing maintenance and support of a product. By considering the TCO of various products, CISOs can make more informed decisions and choose the products that will provide the best value for the organization. Choosing a more expensive product with a lower TCO can be a more cost-effective option overall, as these products often require less maintenance and provide better protection against cyber threats. In a market where capital efficiency is a key concern, this is an essential consideration for CISOs.
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-177
-
Data Governance is a key component in protecting the data from different points of view including information security confidentiality, integrity, and availability. There are several standards that have control requirements for Data Governance relating to PCI, HIPAA, and PII, data security and more. Two of the Internal Standards having Data Governance requirements are: GDPR, ISO/IEC 27001:2022 The internal policies pertaining to gathering data, processing data, storing date, and disposal of data storing data, and disposal of data are a concern of information security. These polices also affect but also asset management, It governs who can access what kinds of data and what kinds of data are under governance.
This segment is sponsored by Spirion. Visit https://cisostoriespodcast.com/spirion to learn more about them!
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-176
-
Data is the fuel of modern organizations. Data governance ensures the quality of that fuel, as well as ensure its optimal utilization. It ensures that people use and access data appropriately. This value is timely in the face of artificial intelligence offerings whose utility relies on quality data.
This segment is sponsored by Spirion. Visit https://cisostoriespodcast.com/spirion to learn more about them!
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-175
-
As technology has enabled high speed access and massive amounts of inexpensive storage, data is being created at a logarithmic hockey-stick pace. Not all this data is important for the organization, however the organization must understand what data is important to run the business. Join us as we discuss this dilemma, with an eye to protecting essential information. Good data governance processes are essential for effective security.
This segment is sponsored by Spirion. Visit https://cisostoriespodcast.com/spirion to learn more about them!
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-174
-
Security is both overcooked and underdeveloped at the same time, and we keep doubling down on insanity. Our own community is at great fault for pushing fear and ignoring service, leading to consistent, negative experiences for all other stakeholders in the organization - and ultimately the CISOs themselves. "Do more cyber" never had, does not, and never will lead to better outcomes, yet this is all everyone is talking about. The trifecta of fear (we fear it, we don't understand it, we know we must have it) is used effectively by vendors to drive an ever-increasing wedge into IT budgets, even as the actual utilization ratio of security tools is precipitously low (my estimate is 5%). Frustration abounds, the CISO job is a revolving door, and nobody's happy. Now the regulators are getting involved in all the wrong ways (see the recent SEC action against Tim Brown) - and it's entirely our fault.
This segment is sponsored by Spirion. Visit https://cisostoriespodcast.com/spirion to learn more about them!
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-173
-
The terminology of ICS has morphed into OT (Operational Technology) security; however many organizations are lacking in addressing the OT security controls. As some companies talk about air gapping as the primary method of securing OT, the reality is many times true air gapping does not exist. Join us as we discuss why these gaps occur and what needs to be done to secure OT.
This segment is sponsored by Arctic Wolf. Visit https://www.cisostoriespodcast.com/arcticwolf to learn more about them!
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-172
-
For manufacturing companies, technology has taken over a good deal of the day-to-day operations occurring on the manufacturing floor. Things like robotics, CNC machines and automated inventory management. There are even systems that track what tools are used, by whom and for how long. This technology often works outside of or flies under the radar of traditional IT processes. For critical infrastructure, we are hooking up legacy systems to larger networks. Industrial control systems, that were never designed to be attached to the Internet, are now exposed to a wide array of new threats and attacks. Aside from those risks, digital sensors can be attached to almost anything these days, making everything "smart". And with the ability for sensors to also be controllers the risks levels are rising quickly.
This segment is sponsored by Arctic Wolf. Visit https://www.cisostoriespodcast.com/arcticwolf to learn more about them!
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-171
-
Manufacturing environments rely heavily on Operational Technology (OT) systems – such as industrial control systems, supervisory control, PLCs etc. to manage production processes. Compromises of these networks and systems can have devastating consequences, including: • Production disruptions and downtime • Safety hazards: • Data breaches and intellectual property theft: • Financial losses: Ransomware attacks can cripple operations and demand hefty payments. Manufacturing is a lucrative target for Ransomware. • There is little tolerance for downtime. • Difficulty in managing OT environments (different skillsets) • Increasing connectivity between IT and OT due to digital transformation Incidents such as the well documented Colonial Pipeline attack along with other manufacturing companies like Dole, and Brunswick continue to highlight the growing threat landscape for OT security in manufacturing.
This segment is sponsored by Arctic Wolf. Visit https://www.cisostoriespodcast.com/arcticwolf to learn more about them!
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-170
-
The cybersecurity threat landscape is constantly evolving, and experience has shown that everyone and every organization is prone to being breached. How do you prepare for what seems inevitable? You assume breach and plan accordingly. Cyber resilience has become a top priority as organizations figure out how to build a network that can either continue functioning or can recover quickly when faced with cybersecurity attack.
This segment is sponsored by Arctic Wolf. Visit https://www.cisostoriespodcast.com/arcticwolf to learn more about them!
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-169
-
Operational Technology (OT) security is concerned with protecting embedded, purpose-built technologies enabling our industrial processes. You also may have heard “adjacent” buzzwords like Internet of Things (IOT) and Fog (like “cloud” but close to the ground). OT security has significant challenges in terms of cost/size/weight, capability, ability to be updated, and robustness (often, OT failures can endanger lives). More recently, as cyber warfare evolves, OT is one of two main attack vectors. This session will explore the threats, and ability to manage them, using war stories.
This segment is sponsored by Arctic Wolf. Visit https://www.cisostoriespodcast.com/arcticwolf to learn more about them!
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-168
-
Third-Party Risk Management is essential for safeguarding an organization's assets, reputation, and operations. By identifying, assessing, and managing risks associated with external partners, organizations can enhance their resilience, protect sensitive information, and maintain the trust of stakeholders in an increasingly interconnected business ecosystem. We have seen the threat landscape change in the last few years. It has always been important to properly identify, categorize, and address risks created by our vendors and strategic partners, to now having to understand the entire supply chain, and how interruptions can affect your business. Even more recently, with the rise of Business Email Compromise (BEC), risks may also come from organizations you have no previous relationship or agreements with.
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-167
-
Schneider Electric has over 52,000 suppliers and sells hundreds of thousands of products of which 15,000 would be classified as intelligent products. To address risks stemming from third-party suppliers, and in recognition of the risks posed to customers, we have a holistic approach to value chain security, by implementing security controls at every level (R&D, Design, Manufacturing, Distribution, Staging, Commissioning and Operating). This approach is guided by policies and regulations, continuously evolving to improve our maturity. On the Third-party Cyber posture level, Schneider Electric partners across the industry to raise cybersecurity maturity, with the World Economic Forum (WEF), ISA Global Cybersecurity Alliance (ISAGCA), and Cyber Tech Accord. We specifically have a tiered third-party risk management program which evaluates suppliers through evidenced-based reviews of their secure development processes and cybersecurity posture.
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-166
-
Breaches at software vendors used by many organizations have highlighted the external software supplier risk, requiring organizations to be even more diligent. Join us as we discuss the supply chain issues and their relationship to software supply chain issues and how organizations should approach environment with supplier software risk, geo-political risk, environmental concerns to maintain business resiliency.
This segment is sponsored by VISO TRUST. Visit https://cisostoriespodcast.com/visotrust to learn more about them!
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-165
-
With CISA just putting out new “secure by design” guidance, Lexmark CISO Bryan Willett pulls the curtain back on the curtain back on how Lexmark is approaching secure-by-design in its products Lexmark is at the forefront of secure by design as their products constantly touch highly confidential information in regulated industries, along with an established security record validated by IDC, Quocirca, and Bitsight. Bryan talks about the impact of secure by design on hardware manufacturers; the steps his company has taken to secure its products, monitor suppliers, and push updates; and his thoughts on the CISA guidance.
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-164
-
Generative AI security and integrity. This is important to me because it's a cool new commercially available technology that promises efficiency and time savings--and therefore everyone wants to use it without a thorough understanding of how to secure data used with it or correcting model bias introduced through improper governance. The implications, particularly in the healthcare space, are significant where AI-driven care decisions can drift away from optimal care and have the potential to expose significant care gaps.
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-163
-
Responsible use and governance of AI are key issues today, as training data limitations and data retention issues must be addressed. The risk of exposing PII or other confidential data, managing bias, hallucination, misinterpretation risks and other AI considerations are discussed.
Fitzgerald, T. 2019. Chapter 4: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-125. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.
This segment is sponsored by Darktrace. Visit https://cisostoriespodcast.com/darktrace to learn more about them!
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-162
-
Artificial Intelligence: Currently these two words can mean a world of difference to different people. How do you bring this topic to the board, to executives, or to business partners, and help them understand the risks without the FUD or technical language that so often creeps into the conversation? The goal is to engage in an action driven conversation and not lead it down a theoretical path. As a CISO in a financial institution, understanding the boundaries and limitations is key to corporate success.
Fitzgerald, T. 2019. Chapter 4: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-125. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.
This segment is sponsored by Darktrace. Visit https://cisostoriespodcast.com/darktrace to learn more about them!
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-161
- Mostrar mais