Mastering Art and Science, Stakeholder Trust, and Trustworthy Computing – BSW #247

Matt Alderman

1. Cybersecurity Will Become the Top Agenda in Boardroom Discussions
   Three reasons why cybersecurity will Become the top agenda in boardroom discussions: 1. Ransomware threats will continue to evolve. 2. Cybersecurity enters the boardroom. 3. Heightened scrutiny by cyber insurance companies on organizations’ cyber hygiene.
2. Mastering Art and Science Is Imperative for CISOs to Be Successful
   Here are five key attributes that make a CISO or other technology executive a strong and effective leader – one who will help the company earn the trust that stakeholders seek: 1. Create value. 2. Influence. 3. Willingly collaborate. 4. Top off your tech skills. 5. Become immersed in the business.
3. Seven Ways to Ensure Successful Cross-Team Security Initiatives
   After making some observations and doing some thinking, I believe that I have identified several important factors. While there are surely others, here are seven ways to ensure successful cross-team security initiatives: 1. Executive support 2. Clear priorities 3. Responsible party 4. Adequate resources 5. Trust 6. Attainable milestones 7. Regular touchpoints
4. The Successful CISO: How to Build Stakeholder Trust
   As growing security concerns boost the visibility of Chief Information Security Officers, how should CISOs best navigate today's challenges to earn shareholder trust? 1. Use your Personal Brand for Good 2. Always Work Through the Lens of Trust 3. Choose your Platform 4. Set your Own Boundaries 5. You Can’t Fake It 6. Seek Expert Help
5. 2 Key Cybersecurity Lawmakers Will Not Seek Reelection
   Cyber-Focused Reps. Jim Langevin, John Katko Announce Congressional Retirement
6. Research: Why Employees Violate Cybersecurity Policies
   In the face of increasingly common (and costly) cyberattacks, many organizations have focused their security investments largely on technological solutions. However, in many cases, attacks rely not on an outsider’s ability to crack an organization’s technical defenses, but rather on an internal employee knowingly or unknowingly letting a bad actor in. But what motivates these employees’ actions? A recent study suggests that the vast majority of intentional policy breaches stem not from some malicious desire to cause harm, but rather, from the perception that following the rules would impede employees’ ability to get their work done effectively. The study further found that employees were more likely to violate policy on days when they were more stressed out, suggesting that high stress levels can reduce people’s tolerance for following rules that seem to get in the way of doing their jobs. In light of these findings, the authors suggest several ways in which organizations should rethink their approach to cybersecurity and implement policies that address the real, underlying factors creating vulnerabilities.
7. 20 years after Gates’ call for trustworthy computing, we’re still not there
   Then-Microsoft CEO Bill Gates spelled out what his company needed to do to build in better security two decades ago. And yet…. Gates closed out his memo with this: “Going forward, we must develop technologies and policies that help businesses better manage ever larger networks of PCs, servers and other intelligent devices, knowing that their critical business systems are safe from harm. Systems will have to become self-managing and inherently resilient. We need to prepare now for the kind of software that will make this happen, and we must be the kind of company that people can rely on to deliver it.”