What is a CISO
You can't prevent all cyber attacks
Avoid all extremes
What's the value or benefit?
What's the risk or exposure?
The old school approach doesn't work anymore
The CISO's main responsibility
What is the Risk?
CISOs allow business to function and be successful
Cybersecurity is a business enabler
If security negatively impacts the business, then security is wrong
Strategy vs. Tactics
The CISO Paradox Introduction
Evolution of IT Infrastructure Management
Mature Field of IT Infrastructure Management
Dilemmas in Patching for Security vs. Uptime
Addressing Unrealistic Security Expectations
Realistic Approach to Cybersecurity Management
Executive Responsibility for Risk Decisions
Long-Term Benefits of Accountability Implementation
Welcome
Teaching the core focus areas that you need to be successful
You must have somebody in charge
Security is not a component of IT, it is separate from IT.
What I don’t like to see is a CISO that reports to a CIO; I like him to report to the CEO
Sometimes uptime and security are at odds, and the CEO needs accurate information
By 2025, The CIA (Confidentiality/Integrity/Availability) may have their own dept. head
The CISO must be equal to the CIO.
Why CIO and CISO are sometimes at odds
You must have a single metric of success
You need your version of “5 nines”
The current metric for a CISO (and why it’s very bad)
Functionality/Security is zero sum
The goal of security is not to prevent all attacks, it’s to minimize exposure of critical data
The best security metric I could find
Attempted attacks
How many attacks do you think you have per week?
Why this metric raises awareness
You need to have security KPIs for all of the business units.
Security problems in action
Why VPs will fight you when you advocate for yourself
Phishing campaign as a metric for success
Wrap up and review: 3 things you need to be a successful CISO
Intro
Why doesn’t anyone listen to you?
No one has any clue what a CISO is supposed to be
Organizations need a CISO now
No one has defined what a CISO is supposed to be
What are the primary responsibilities of a CISO?
Chief officer is focused on the profitability of the organization
CISO is not a technical position
Chief officer is a business-focused position
What is cyber security focused on?
You must be able to accept risks to be world-class
How are average CISOs different?
Do you understand what the critical data is for your company?
Integrity and availability are important
CISO is an executive that can take problems and translate them
As a CISO, you should never be saying no