Mastering Art and Science, Stakeholder Trust, and Trustworthy Computing – BSW #247
In the leadership and communications section, Mastering Art and Science Is Imperative for CISOs to Be Successful, Seven Ways to Ensure Successful Cross-Team Security Initiatives, 2 Key Cybersecurity Lawmakers Will Not Seek Reelection, and more!
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
CRA's Business Intelligence Unit has launched its next survey on Zero Trust! What are Your Barriers to Zero Trust Implementation? Take our survey and enter to win a $500 Tango card by visiting https://securityweekly.com/zerotrust. Report results will be released at our upcoming Zero Trust E-Summit in March!
Hosts
Matt Alderman
Chief Product Officer at CyberSaint
- 1. Cybersecurity Will Become the Top Agenda in Boardroom Discussions
  Three reasons why cybersecurity will become the top agenda in boardroom discussions: 1. Ransomware threats will continue to evolve. 2. Cybersecurity enters the boardroom. 3. Heightened scrutiny by cyber insurance companies on organizations’ cyber hygiene.
- 2. Mastering Art and Science Is Imperative for CISOs to Be Successful
  Here are five key attributes that make a CISO or other technology executive a strong and effective leader – one who will help the company earn the trust that stakeholders seek: 1. Create value. 2. Influence. 3. Willingly collaborate. 4. Top off your tech skills. 5. Become immersed in the business.
- 3. Seven Ways to Ensure Successful Cross-Team Security Initiatives
  After making some observations and doing some thinking, I believe that I have identified several important factors. While there are surely others, here are seven ways to ensure successful cross-team security initiatives: 1. Executive support. 2. Clear priorities. 3. Responsible party. 4. Adequate resources. 5. Trust. 6. Attainable milestones. 7. Regular touchpoints.
- 4. The Successful CISO: How to Build Stakeholder Trust
  As growing security concerns boost the visibility of Chief Information Security Officers, how should CISOs best navigate today's challenges to earn shareholder trust? 1. Use your Personal Brand for Good. 2. Always Work Through the Lens of Trust. 3. Choose your Platform. 4. Set your Own Boundaries. 5. You Can’t Fake It. 6. Seek Expert Help.
- 5. 2 Key Cybersecurity Lawmakers Will Not Seek Reelection
  Cyber-Focused Reps. Jim Langevin, John Katko Announce Congressional Retirement
- 6. Research: Why Employees Violate Cybersecurity Policies
  In the face of increasingly common (and costly) cyberattacks, many organizations have focused their security investments largely on technological solutions. However, in many cases, attacks rely not on an outsider’s ability to crack an organization’s technical defenses, but rather on an internal employee knowingly or unknowingly letting a bad actor in. But what motivates these employees’ actions? A recent study suggests that the vast majority of intentional policy breaches stem not from some malicious desire to cause harm, but rather, from the perception that following the rules would impede employees’ ability to get their work done effectively. The study further found that employees were more likely to violate policy on days when they were more stressed out, suggesting that high stress levels can reduce people’s tolerance for following rules that seem to get in the way of doing their jobs. In light of these findings, the authors suggest several ways in which organizations should rethink their approach to cybersecurity and implement policies that address the real, underlying factors creating vulnerabilities.
- 7. 20 years after Gates’ call for trustworthy computing, we’re still not there
  Then-Microsoft CEO Bill Gates spelled out what his company needed to do to build in better security two decades ago. And yet… Gates closed out his memo with this: “Going forward, we must develop technologies and policies that help businesses better manage ever larger networks of PCs, servers and other intelligent devices, knowing that their critical business systems are safe from harm. Systems will have to become self-managing and inherently resilient. We need to prepare now for the kind of software that will make this happen, and we must be the kind of company that people can rely on to deliver it.”