10-15-20 - Stop Using Breaches As the Excuse to Improve Your Security Program
This week's episode of Defense in Depth, "Measuring the Success of Your Security Program", is hosted by me, David Spark, producer of CISO Series, and Allan Alford. Our sponsored guest is Chad Boeckmann, CEO, TrustMAPP. All three of us discussed:
- The process is very systematic. Start with knowing your risks, how you're going to track them, and the controls you're going to put in place to manage them. Simple to say, hard to do.
- Security risk is just one of a multitude of risks a business faces.
- Data's whereabouts is a moving target. Having confidence in its location and protections is key to managing overall risk.
- Constantly ask who has access to the data and what communications processes you are using to share that information between humans and machines.
- Discuss with leadership how you will judge success and what metrics you will use. The C-suite will need to lead the discussion, with security providing guidance as to what it can and can't measure.
- If you're measuring security's performance, this is a great opportunity for security to tell its story and prove its value, ultimately setting it up for increased budget and participation from others.
- An informal metric for success could be how often security gets invited to informal meetings.
- Overall positive sentiment of security by non-security employees.
- How well are you able to build (are people eager to work with you?) and maintain your staff?
- Another "out of the box" metric to consider is opportunity cost. How many contracts are you losing because you were incapable of meeting a potential customer's security standards?
- Strong debate as to what the goal of a security program is: risk reduction or risk management? It's very possible that you are currently managing risk well and the additional cost to reduce risk is not necessary.
Special thanks to this week's podcast sponsor, TrustMAPP.
TrustMAPP delivers continuous, automated Security Performance Management, a real-time view of your cybersecurity maturity. TrustMAPP tells you where you are, where you’re going, and what it will take to get there. TrustMAPP lets you manage security as a business, quantifying and prioritizing remediation actions and costs.
Cyber Security Headlines
This week's sponsor of Cyber Security Headlines is Trusona.
TOMORROW! Friday [10-16-20] We're "Hacking Privileged Identities Gone Bad"
Please join us on Friday, October 16th, 2020 for CISO Series Video Chat “Hacking Privileged Identities Gone Bad: An hour of critical thinking about accidental and malicious behavior from humans and machines causing havoc in the cloud”. I'll be leading this discussion with Raj Mallempati, COO of CloudKnox and Dan Walsh, CISO, VillageMD.
Plus, immediately after the video chat (11:00 AM PT/2:00 PM ET) we'll roll over to our meetup where you get a chance to connect with fellow cybersecurity professionals.
Thanks to our sponsor CloudKnox
Best Moments from "Hacking Vulnerability Management"
Here's a six-minute highlights reel of the best moments from last week's CISO Series Video Chat “Hacking Vulnerability Management: An hour of critical thinking about a risk-based approach to dealing with vulnerabilities”. Featured in this discussion are Ram Hegde, CISO, Genpact and Ed Bellis, CTO and co-founder, Kenna Security. Check out the blog post to watch the video, read the "Best Bad Ideas" and the best quotes from the chat room, and to get access to the full one-hour recording.
Huge thanks to our sponsor, Kenna Security
Have You Considered Chip-Level Data Encryption?
As a preview for next week's episode of CISO/Security Vendor Relationship Podcast, Mike Johnson conducted a post-show interview with our sponsored guest Rebecca Weekly, senior director of hyperscale strategy and execution, senior principal engineer, Intel. The two of them discussed Intel's recent announcement of the upcoming Xeon Scalable platform, code-named Ice Lake, and the encryption opportunities afforded on the secure enclaves.
Huge thanks to our sponsor, Intel