We're 99% Sure Our Malware Will Fail 1% of the Time

CISO | Security Vendor Relationship Series

This week's podcast episode of the CISO/Security Vendor Relationship Podcast

We're 99% Sure Our Malware Will Fail 1% of the Time

Guest co-host John Prokap, CISO of HarperCollins, and our guest Johna Till Johnson, CEO, Nemertes Research, discuss the following:

  • Ask for consent for what you're going to do with the data. Asking for consent to collect data doesn't give the user any insight into what you're going to do with it. Explain the purpose of collecting the data.

  • Don't be fooled by statistics. If an anti-malware vendor claims that its product blocks viruses 99 percent of the time, that means the product has a one percent failure rate. If malware gets inside your systems through that one percent, then it's 100 percent effective at infecting your network.

  • Forward-thinking CISOs are buying based on risk reduction. CISOs who are not effectively building out their security programs are still reactive product buyers, or they purchase to meet compliance requirements. CISOs who work with the business are learning how their security programs can reduce risk.

Special thanks to Context Information Security for sponsoring this week's episode of the CISO/Security Vendor Relationship Podcast.

Context Information Security

Context Information Security is a leading technical cyber security consultancy, with over 20 years of experience and offices worldwide. Through advanced adversary simulation and penetration testing, we help you answer the question: how effective is my current cyber security strategy against real-world attacks?

Mike Johnson, CISO, Lyft on Facebook's privacy woes

WE'RE COMING BACK TO SF (3/6/19)

We had so much fun at our last two live recordings that we're going to do it again on Wednesday, March 6th in San Francisco right in the heart of the financial district. Just REGISTER and we'll see you there.

Allan Alford, CISO, Mitel on the cultural battle in security

This week's episode of Defense in Depth

Building an Information Security Council

On this episode of Defense in Depth:

Co-host Allan Alford, CISO of Mitel, and our guest Nick Espinosa, host of The Deep Dive with Nick Espinosa, discuss the following:

  • A good starting point for building an information security council is to develop a business continuity and disaster recovery plan with all departments and stakeholders.

  • Understand the risk tolerance of each division.

  • A well-informed information security council often has the benefit of needing less security training.

  • Companies need to create a culture of not shaming people for making mistakes that compromise security. You want employees to feel free to speak up if they do make a mistake.

Special thanks to this week's Defense in Depth podcast sponsor, Fluency Security.

Fluency Security

Fluency's correlation and risk scoring technology combined with their approach of using pseudonyms in place of certain PII data greatly facilitates your organization's path towards compliance. Over time, machine learning and artificial intelligence algorithms detect anomalies at an impressive level of scalability. Run Fluency as a standalone or integrate it into your existing SIEM. Learn more by visiting us at booth #4529 at the RSA® Conference 2019.

Suzie Smibert, CISO, Finning on Facebook eating more data than they need
