Business Security Weekly Episode #222 – June 28, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. The Year of Hybrid – 03:00 PM-03:30 PM

Sponsored By
Visit https://securityweekly.com/fortinet for more information!

Announcements

  • Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!

  • Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Our Call For Presentations Deadline has been extended through July 5th at 11:59 pm ET! Visit securityweekly.com/unlocked to submit your presentation!

Description

For the private sector and government alike, 2021 is proving to be a year of transition and refocused activity. A year of hybrid activity – from cyber threats to IT approaches.
Segment Resources:

https://www.fortinet.com/blog

This segment is sponsored by Fortinet.

Visit https://securityweekly.com/fortinet to learn more about them!

Guest(s)

Jim Richberg

Jim Richberg – Public Sector Field CISO at Fortinet

Fortinet Field CISO working to bring cybersecurity solutions to industry and the public sector following a 30+ year career driving innovation in cyber intelligence, policy and strategy for the United States Government and international partners.

Served as National Intelligence Manager for Cyber, the senior Federal Executive focused on cyber intelligence within the US intelligence community (IC), which has an annual operating budget of more than $80 billion. Senior Advisor to the Director of National Intelligence (DNI) on cyber issues. Set collection and analytic priorities on cyber threats for the IC’s 17 departments and agencies.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Jason Albuquerque

@Jay_Albuquerque

CIO & CSO at Carousel Industries

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

2. Boardroom Perspectives, Greater Business Understanding, & Preventing Burnout – 03:30 PM-04:00 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

  • In our July 14th democast at 11 AM ET, learn how to reveal and protect your entire attack surface. Then join us July 15 at 11 AM ET to learn how a thoughtful approach to SASE can improve security and enable scalability. Finally, in our July 22nd technical training at 11 AM ET, learn how Guided-SaaS NDR Enables Rapid Response. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

In the Leadership and Communications section: Cybersecurity today requires greater digital and business understanding, 12 skills business continuity managers need to succeed, SOC burnout is real: 3 preventative steps every CISO must take, and more!

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Jason Albuquerque

@Jay_Albuquerque

CIO & CSO at Carousel Industries

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

  1. Boardroom Perspectives on Cybersecurity: What It Means for You – Because board members are paying close attention to security, security leaders must be able to respond to and alleviate their concerns with data. CISOs and IT leaders need to report, in quantifiable business terms, the value the organization’s security program delivers based on continuous testing, optimization, and proof of effectiveness. Below are three steps CISOs should take to accomplish this and report in terms that the board and C-suite understand.

    1. Let Intelligence Lead the Way
    2. Validate With Proof of Effectiveness
    3. Report With Confidence

  2. ‘Cybersecurity today requires greater digital and business understanding’ – BSI’s Mark Brown discusses current infosec challenges, the need for diversity in cybersecurity recruits, and how he picked up his tech flair from his dad.
  3. NIST Releases Preliminary Draft for Ransomware Risk Management – NIST has released a preliminary draft Cybersecurity Framework profile for managing ransomware risk and opened it for public comment. The comment period closes on July 9, 2021. According to NIST, the Ransomware Profile is intended for organizations that:

    – Have already adopted the Cybersecurity Framework.
    – Are familiar with the Cybersecurity Framework and want to improve their risk posture.
    – Are unfamiliar with the Cybersecurity Framework but need to implement a risk management framework to meet ransomware threats.

  4. 12 skills business continuity managers need to succeed – The business continuity, disaster recovery and resilience professions have matured, and face a challenging future. Resilience has taken on various forms, and an evolving set of potential disruptive events face business continuity managers. For those already in a business continuity manager role or looking into one, the following skills are essential:

    1. communication of BCDR plans and standards;
    2. collaborating through diverse channels;
    3. business impact and risk analysis;
    4. project management;
    5. IT skills;
    6. measuring risk;
    7. auditing across a range of BCDR areas;
    8. financial analysis;
    9. emergency management;
    10. consensus-building, for programs and tools;
    11. adaptability to advance BCDR goals; and
    12. empathy.

  5. How to succeed in a CIO transition – Companies often search for the right leadership-ready-yet-technically-savvy successor to the CIO in the final months of an executive’s tenure — despite the advantages of succession planning.

    Organizations lean toward selecting outside candidates to fill CIO roles. Four in five organizations selected external CIOs in 2020, according to data from SIM. But tapping a successor internally can ensure preparation and built-in knowledge about business needs without the onboarding outside candidates require.

  6. SOC burnout is real: 3 preventative steps every CISO must take – Help Net Security – For those that spend every day as a security professional and for anyone who truly appreciates the demands applied to these essential security team members, burnout is a harsh reality.

    Successful CISOs take a few proactive steps that help prevent burnout:

    1. The CISO makes it clear that the SOC/IR team is empowered to focus on identifying and dismantling adversaries, full stop
    2. The CISO selects security solutions not only based on technology, but also by how the vendor understands his or her challenges and will partner with them
    3. The CISO ensures the SOC/IR team has access to experts when it counts

  7. Colorado Privacy Act Inches Closer to Becoming a Reality – The Colorado legislature gave final approval to the “Colorado Privacy Act” on June 8; once enacted, Colorado would become only the third state, after California and Virginia, with a comprehensive data privacy law. Senate Bill 190 has now been sent to Governor Jared Polis, whose signature will seal the fate of this act. If signed, it would come into effect on July 1, 2023, unless he vetoes it within 10 days of transmission.

    The privacy act will not apply to all businesses operating in Colorado but only to the ones that:

    – Control or process the personal data of 100,000 or more consumers during a calendar year, or
    – Derive revenue from selling personal data and control or process the personal data of 25,000 or more Colorado resident consumers.

    The Colorado Privacy Act has been drafted in a manner that grants the residents of the state five key rights:

    1. Right to opt-out of the sale of their personal data.
    2. Deny processing of personal data for targeted advertising purposes.
    3. Opt-out of automated profiling that produces legal or similarly significant effects.
    4. Right to access and correct their personal data for any inaccuracies held by the data controller.
    5. Right to obtain their data in a portable and ready-to-use format, and the right to have the data controller delete their personal data on request.