Business Security Weekly Episode #212 – April 05, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Accelerating Security with Security Automation – 03:00 PM-03:30 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our YouTube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

Description

Are you struggling with Alert Overload, Manual Processes, Multiple/Disparate Tools, Talent Shortage, and/or Budget Constraints? Of course you are! John McClure, Chief Information Security Officer from Laureate Education, joins us to discuss how he solved these challenges by implementing SOAR and accelerating security.

Guest(s)

John McClure – CISO at Laureate Education, Inc.

@johnmcclure00

John McClure is the Chief Information Security Officer for Laureate Education, Inc. He is a proud military veteran (Army Aviation). He separated from the military to enter the technology field. John has worked for more than 20 years in the critical infrastructure and information security arena, and supported the federal government and Intelligence Community for over 20 years before transitioning to the commercial sector.

Hosts

Jason Albuquerque

@Jay_Albuquerque

CIO & CSO at Carousel Industries

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

Paul Asadoorian

@securityweekly

Founder at Security Weekly

2. Risk Management Approach, Automation, & the Problem With Cyber Insurance – 03:30 PM-04:00 PM

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • Our next live webcast will be on April 29th at 11am ET where you will learn how to prepare for modern ransomware attacks! Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

In the Leadership and Communications section, Developing a Risk Management Approach to Cybersecurity, How Automation Can Protect Against Data Breaches, The Problem with Cyber Insurance: Outdated Incentives, and more!

Hosts

Jason Albuquerque

@Jay_Albuquerque

CIO & CSO at Carousel Industries

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

  1. What is a CISO? Responsibilities and requirements for this vital role – CISO responsibilities break down into the following categories:

    1. Security operations
    2. Cyberrisk and cyber intelligence
    3. Data loss and fraud prevention
    4. Security architecture
    5. Identity and access management
    6. Program management
    7. Investigations and forensics
    8. Governance

  2. Developing a Risk Management Approach to Cybersecurity – Security Boulevard – CISOs have an opportunity to reorient their cybersecurity programs away from a focus on compliance, toward a focus on risk. Here’s how:

    Start With Objectives and Risks – Yes, compliance will always be one of those objectives, but consider some of the other objectives the organization has:

    1. Financial
    2. Growth
    3. Personnel

    Tie Together Risk, Security, and IT Governance – The capabilities that are important for IT governance today are more along the lines of:

    1. Data security and data mapping
    2. Your ability to monitor network activity
    3. Provisioning and de-provisioning user access
    4. Security assessments for vendors

    This approach leads to Better Reporting to the Board.

  3. How Automation Can Protect Against Data Breaches – Automating security allows vital data, such as the location of suspicious login attempts, to be tracked without the need for a costly and time-consuming campaign.

  4. The Guide to Presenting Information Security’s Business Value – Security Boulevard – With the ever-changing landscape of cyber risk, how can security teams demonstrate the business value of security programs? How can CISOs underline the importance of correct procedures that need to be followed company-wide?

    1. Benefits of Cybersecurity Investments Must be Framed Around Enterprise Goals
    2. Define and determine risk posture
    3. Drive home the value proposition added and control the narrative

  5. The Problem with Cyber Insurance: Outdated Incentives – Instead of solving your cybersecurity problems, cyber insurance companies capitalize on your amortized cost given the probability of a breach. It’s economically viable because data breaches have been relatively cheap. Here are the limitations of cyber insurance:

    1. Cyber Insurance Won’t Save your Reputation
    2. Cyber Insurance Won’t Save your Data
    3. Cyber Insurance may not be a Sustainable Industry

  6. Research: A Little Recognition Can Provide a Big Morale Boost – As organizations large and small face the twin challenges of increasingly strained budgets and burned out workforces, what can managers do to keep employees engaged — without breaking the bank? In this piece, the authors share new research on the power of symbolic awards such as thank you notes, public recognition, and certificates. They find that these simple interventions can significantly improve employee motivation, but clarify that to maximize their effect, it’s essential to customize these rewards to your unique context. Specifically, the authors draw on prior research to highlight five key considerations for managers looking to implement symbolic awards: the most impactful messenger, the best timing, whether to make it private or public, attention to detail, and the importance of starting small. While these interventions are no substitute for fair monetary compensation, especially when cash is limited, symbolic awards can go a long way to demonstrate your appreciation for your employees and keep spirits high.

Paul Asadoorian

@securityweekly

Founder at Security Weekly