(2021) CISO strategic plan and Best practices

Published: 22 March 2025
on channel: Dr Eric Cole

Today is another review of the basic definition of strategy. I keep coming back to it because strategy is not a one-dimensional concept you learn once and never need to revisit. Strategy means not just knowing what the risks are, but being able to explain them to the executives and help them understand how to allocate their budget according to the standards they have. In essence, as a CISO, your job is to be a translator between the wishes of the executives and the actions of the security engineers. That's why I continually review key terms and present them in different contexts, until you truly understand them.

🔑 [FREE MASTERCLASS]
Discover How You Can Advance Your Career Through Cybersecurity
https://safe.secure-anchor.com/nl-web...

0:00 Intro
0:20 A CISO focuses on strategy
1:28 Executives focus on growing the organization
1:59 Cookie cutter security doesn’t work
2:47 It’s much easier for me to tell you the answer, but you have to own it
3:36 Security must be a business enabler
4:33 Can having unpatched servers be a good thing?
6:00 The world is not perfect.
7:12 Always put monetary values on everything
7:35 My predictions are right...but the time is wrong
8:00 Stop using emails to transfer files
10:12 Most phishing attacks are unexpected
11:20 Old habits die hard
12:42 There is always resistance to change, and here’s why
14:55 The solution is comparative, accurate data
17:17 How I present my budget and risks every year: one chart
18:12 What is the risk, likelihood, cost of a breach and cost to fix it?
18:35 If the execs don’t listen to you, say “what is the current loss today.”
18:54 Do you know the definition of cybersecurity?
21:37 Always ask the risks
21:50 What is critical data
22:00 How do we divide the budget on the CIA triad?
22:28 Train executives to ask the second question
25:34 Execs only ask the value and benefit, not the risk
26:42 Have an acceptable level of risk
28:13 The VP has the authority to override the CISO
29:49 Wrap up

About Dr Eric Cole
Eric Cole, PhD, is an industry-recognized security expert with over 20 years of hands-on experience in consulting, training, and public speaking. As the founder and CEO of Secure Anchor Consulting, Dr. Cole focuses on helping customers prevent security breaches, detect network intrusions, and respond to advanced threats. In addition, he is a sought-after expert witness and a 2014 inductee to the InfoSecurity Hall of Fame.

Follow me:
  / drericcole  

https://www.secure-anchor.com/

#LifeOfaCISO #CISO