Becoming a Virtual CISO: Everything you need to know

Published: 01 January 1970
Channel: Dr Eric Cole

On this episode, we take a moment to define cyber security. It’s a term we use every day, but few of us stop to think about the actual definition. Cyber security is understanding, managing, and mitigating the risk of your critical data being disclosed, altered, or denied access to.

🔑 [FREE MASTERCLASS]
Discover How You Can Advance Your Career Through Cybersecurity
https://safe.secure-anchor.com/nl-web...

There are 3 components to cyber security:
1: Risk - Understanding historical and comparative data to understand where to put your resources
2: Critical data - If you want to be a good CISO, you have to be obsessed with where the physical data is, who has access to it, and how it is being protected.
3: CIA - Confidentiality, Integrity, and Availability.

Resources (money & time) are finite. I have an exercise called “the pie chart.” In this exercise, the executive uses a pie chart to show which of these three has the highest and lowest priority. To be successful, the CISO and the executive team must have their priorities aligned with each other.

Show Notes:
0:03 Welcome
0:31 What exactly is a V-CISO
0:50 A history lesson
1:29 Security and uptime are sometimes in conflict
2:55 Organizations realized that they needed a strategic position
3:40 Companies need a CISO, but not all of them need a full time position
4:02 Which is why we have a V-CISO
4:40 But I went one step further
5:50 What makes a good CISO
7:12 A CISO is a strategic position
7:22 Question of the day: What is cyber security?
8:25 The traditional “Bottom up” approach doesn’t work
9:07 Analogy of the cursing father
10:04 The two questions I ask
10:47 Some definitions I’ve heard of cyber security
11:25 A formal definition of cyber security
11:58 The three components of cyber security
12:30 Let’s take each of those three components and break them down
13:20 What is the probability of something happening in the future?
14:27 Insurance companies calculate risk
15:46 Historical data is one of the best predictors of future occurrences
16:10 Comparative data is also a good predictor of future risk
17:53 You don’t always get it right
18:50 100% security exists...with no functionality
20:51 Cyber security is all about critical data
21:43 Why breaches happen
23:40 CIA - Confidentiality, Integrity, and Availability
24:14 The problem with confidentiality
25:00 Ransomware exposed the flaws with the existing system
28:38 The alignment exercise for CISOs and executives
31:35 Final thoughts

About Dr Eric Cole
Eric Cole, PhD, is an industry-recognized security expert with over 20 years of hands-on experience in consulting, training, and public speaking. As the founder and CEO of Secure Anchor Consulting, Dr. Cole focuses on helping customers prevent security breaches, detect network intrusions, and respond to advanced threats. In addition, he is a sought-after expert witness and a 2014 inductee to the InfoSecurity Hall of Fame.


https://www.secure-anchor.com/

#LifeOfaCISO #CISO