CISO Series Newsletter
Posts
Please Don't Investigate Our Impeccable Risk Predictions

Please Don't Investigate Our Impeccable Risk Predictions

July 09, 2019

View this email in your browser

CISO | Security Vendor Relationship Series

This week's episode of CISO/Security Vendor Relationship Podcast

Please Don't Investigate Our Impeccable Risk Predictions

On this episode of the CISO/Security Vendor Relationship Podcast

, Mike Johnson and our sponsored guest, Bob Huber, CSO, Tenable, discuss:

If a risk prediction is never validated, is it even a prediction?

People can spout their opinions of risk, but without validating predictions you may be making the wrong prediction over and over again and never even know it. Analyzing the success or failure of a risk prediction needs to be built into the program.

How "smart" have we become regarding cloud deployment?

In the early days of cloud, companies were just moving workloads from on premise environments to cloud without taking advantages of the value of cloud, like elasticity.

Shadow IT is unavoidable. Accept it. It's a reality

. You can't control every department. Organizations are going to see new cloud services that are going to make their job easier and they're going to deploy it probably without any approval from IT or security. You simply have to be aware. Continuously take account of all your assets and services.

Does the term "DevSecOps" have to exist?

The concept of DevOps has been around for a while and it definitely has value. Has security tried to force their existence into the conversation by branding DevSecOps?

Special thanks to this week's CISO/Security Vendor Relationship Podcast sponsor, Tenable.

Effective vulnerability prioritization helps you answer three questions: Where should we prioritize based on risk? Which vulnerabilities are likeliest to be exploited? What should we fix first? Tenable gives you the accurate and actionable data you need to answer these questions and better secure your business. Learn more:

tenable.com/predictive-prioritization

Mike Johnson on the right questions CEOs need to ask about their security program

Cloud Security Tip by Steve Prentice, sponsored by OpenVPN

Parkinson’s Law states that “work expands to fill the time available,” and any IT specialist knows this applies equally to data and can be stated as “Data expands to fill the storage available.” As cloud service providers – and the cloud itself both continue to expand, the opportunity to transport and store all of your data seems to be a great convenience. But data management requires oversight, control and governance. The more data – and daily data flow –one has, the greater the potential for misuse, redundancy, errors, and costly maintenance. Read more...Check out more Cloud Security Tips sponsored by OpenVPN.

You can record a question or comment for the podcasts

We get tons of contributions from listeners for the show, but we don't get many recorded contributions. We have an option on the CISO Series site where you can record a short question or comment for the show. We'd love to actually hear your thoughts and we want to put it on the show. Just

go to the Participate menu item on CISOseries.com

and record your question or comment for the show. Make it awesome and we'll use it on the show.

Adam Glick of Brown Brothers Harriman on making sure your tools work in sync

SUBSCRIBE TO BOTH PODCASTS

Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.

If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.