Data Governance is Critical to Info Security and Privacy - Michael Redmond - CSP #176

Advisory Boards - helping cybersecurity companies grow is foundational to helping enterprises select best in class tools to protect their environments. If done properly, scaling cybersecurity companies can have a positive global impact on how information is protected and minimizing business disruption. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-180

Many organizations are starting today down the Zero Trust path. Zero Trust is a strategy (vs an architecture) and to prove the value of this investment, we need to start thinking about metrics to demonstrate value. Join us as we discuss some of the metric directions to consider when moving our organizations towards Zero Trust. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-179

The importance of CISO skills/metrics for the board, demonstrating the business value and necessity of good cybersecurity posture, as capabilities the CISO must master to be effective in securing the appropriate investment level. Join us as we discuss interactions with the board and leveraging metrics to show business value. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-178

CISOs must prioritize the intelligent selection of cybersecurity products by considering the total cost of ownership (TCO) and whether point products or platforms are best suited. This includes the costs of deployment and operations for people, processes, and technology, as well as the ongoing maintenance and support of a product. By considering the TCO of various products, CISOs can make more informed decisions and choose the products that will provide the best value for the organization. Choosing a more expensive product with a lower TCO can be a more cost-effective option overall, as these products often require less maintenance and provide better protection against cyber threats. In a market where capital efficiency is a key concern, this is an essential consideration for CISOs. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-177

Data Governance is a key component in protecting the data from different points of view including information security confidentiality, integrity, and availability. There are several standards that have control requirements for Data Governance relating to PCI, HIPAA, and PII, data security and more. Two of the Internal Standards having Data Governance requirements are: GDPR, ISO/IEC 27001:2022 The internal policies pertaining to gathering data, processing data, storing date, and disposal of data storing data, and disposal of data are a concern of information security. These polices also affect but also asset management, It governs who can access what kinds of data and what kinds of data are under governance. This segment is sponsored by Spirion. Visit https://cisostoriespodcast.com/spirion to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-176

Data is the fuel of modern organizations. Data governance ensures the quality of that fuel, as well as ensure its optimal utilization. It ensures that people use and access data appropriately. This value is timely in the face of artificial intelligence offerings whose utility relies on quality data. This segment is sponsored by Spirion. Visit https://cisostoriespodcast.com/spirion to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-175

As technology has enabled high speed access and massive amounts of inexpensive storage, data is being created at a logarithmic hockey-stick pace. Not all this data is important for the organization, however the organization must understand what data is important to run the business. Join us as we discuss this dilemma, with an eye to protecting essential information. Good data governance processes are essential for effective security. This segment is sponsored by Spirion. Visit https://cisostoriespodcast.com/spirion to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-174

Security is both overcooked and underdeveloped at the same time, and we keep doubling down on insanity. Our own community is at great fault for pushing fear and ignoring service, leading to consistent, negative experiences for all other stakeholders in the organization - and ultimately the CISOs themselves. "Do more cyber" never had, does not, and never will lead to better outcomes, yet this is all everyone is talking about. The trifecta of fear (we fear it, we don't understand it, we know we must have it) is used effectively by vendors to drive an ever-increasing wedge into IT budgets, even as the actual utilization ratio of security tools is precipitously low (my estimate is 5%). Frustration abounds, the CISO job is a revolving door, and nobody's happy. Now the regulators are getting involved in all the wrong ways (see the recent SEC action against Tim Brown) - and it's entirely our fault. This segment is sponsored by Spirion. Visit https://cisostoriespodcast.com/spirion to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-173

The terminology of ICS has morphed into OT (Operational Technology) security; however many organizations are lacking in addressing the OT security controls. As some companies talk about air gapping as the primary method of securing OT, the reality is many times true air gapping does not exist. Join us as we discuss why these gaps occur and what needs to be done to secure OT. This segment is sponsored by Arctic Wolf. Visit https://www.cisostoriespodcast.com/arcticwolf to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-172

For manufacturing companies, technology has taken over a good deal of the day-to-day operations occurring on the manufacturing floor. Things like robotics, CNC machines and automated inventory management. There are even systems that track what tools are used, by whom and for how long. This technology often works outside of or flies under the radar of traditional IT processes. For critical infrastructure, we are hooking up legacy systems to larger networks. Industrial control systems, that were never designed to be attached to the Internet, are now exposed to a wide array of new threats and attacks. Aside from those risks, digital sensors can be attached to almost anything these days, making everything "smart". And with the ability for sensors to also be controllers the risks levels are rising quickly. This segment is sponsored by Arctic Wolf. Visit https://www.cisostoriespodcast.com/arcticwolf to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-171