Driving the Business of Infosec Through the GRC Program - Greg Bee - CSP #185

Let’s talk about the vCISO’s approach to Incident Response advisory with clients; particularly small and medium sized businesses (SMB). How can your cyber liability insurance support your organization outside of when an incident occurs? We will discuss strategies SMBs can take to strengthen their IR plans while keeping in mind their business needs and contingency plans. Segment Resources: https://www.linkedin.com/in/wilklu/ This segment is sponsored by Semperis. To combat today's cyber attacks, enterprises like yours need a way to see the whole picture beyond silos and secure their entire hybrid AD environment. Now you can — with Semperis. Visit https://cisostoriespodcast.com/semperis Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-192

Listen to the importance of legal relationships and interaction with the CISO and security program. Jess and Joe talk about the need for legal to understand the security team's day to day and also what incident response means to your organization. Bringing your legal reps into the folds when a breach happens is too late! Work as a team early to make sure all parties are knowledgeable and ready to act without time wasted. This segment is sponsored by Semperis. To combat today's cyber attacks, enterprises like yours need a way to see the whole picture beyond silos and secure their entire hybrid AD environment. Now you can — with Semperis. Visit https://cisostoriespodcast.com/semperis Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-191

Todd Fitzgerald will be moving on from the CISO STORIES podcast after 185+ episodes, which was initiated almost 4 years ago following the publication of the #1 Best-Selling CISO COMPASS book, which has guided 1000’s of emerging, current, experienced, and new CISOs and their teams in their journey to protect our organizations’ and nation’s information assets through a structured, business-oriented roadmap. Over 75 CISO and industry leader contributors to the book had their ‘grey boxes’ come to life in their own voice through this podcast. Since then, many esteemed CISOs have been on the invitation-only podcast to share practical, pragmatic experiences on timely, relevant issues. We learn from each other, and it is an honor to interview such top-notch CISOs. Join us as Todd shares his view of the evolution of the CISO role and where it is going. Todd will also share some of the memorable moments and messages from producing the podcast. This segment is sponsored by Semperis. To combat today's cyber attacks, enterprises like yours need a way to see the whole picture beyond silos and secure their entire hybrid AD environment. Now you can — with Semperis. Visit https://cisostoriespodcast.com/semperis Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-190

Vulnerabilities are the ‘front doors’ for attackers to infiltrate our systems and a key process organizations must get right into order to protect our systems and information assets. Join us as we discuss vulnerability management, identification of assets, prioritization, threat intelligence, leveraging tools, desired vulnerability product features, business impact and vulnerability measurement timing. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-189

Rapid advancement in the sophistication and availability of "deepfake" technology enabled by generative AI - the ability to generate convincing multimedia and interactive representations indistinguishable from the real thing - presents new and growing challenges for CISOs seeking to combat fraud, intrusion, disinformation, and other adverse consequences of social engineering. CISOs will need to maintain enhanced understanding of deepfake technology to craft and manage effective controls - yet some of the most effective controls may be surprisingly low-cost and low-tech. This podcast will examine the state of practice for deepfake generation and distribution and discuss effective countermeasures and controls for common threat typologies. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-188

Managing vulnerabilities is a large, complex problem that can't be completely fixed. And still, many cybersecurity organizations continue with a traditional approach that attempts to address all vulnerabilities, spreading staff too thin and increasing exploitation windows. With a small set of vulnerabilities being the cause of most of the breaching, taking a focused approach can have a significant impact on reducing the risk of successful cyber attacks. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-187

Join us as we discuss how critically important it is for a CISO to establish, maintain, and frequently leverage in informal network. With almost daily changes in the threat landscape across all industries, it's critical to have informal but trusted resources to rely on for advice, information, and just overall "sounding board" opportunities. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-186

Join us as we discuss the organization’s GRC program and how GRC helps drive the business of information security from internal and external perspectives to integrate security into the culture, while maintaining compliance with regulations imposed for insurance and public companies. Segment Resources: Webcast: https://www.scmagazine.com/cybercast/the-regulatory-landscape-in-2030-what-you-need-to-know Podcast (Enterprise Security Weekly): https://www.scmagazine.com/podcast-segment/11416-the-rise-of-regops-the-need-for-compliance-automation-travis-howerton-esw-313 News/interview: https://www.scmagazine.com/news/generative-ai-not-just-revolutionary-but-evolutionary This segment is sponsored by RegScale. Visit https://cisostoriespodcast.com/regscale to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-185

CISOs need to enhance their strategic influence and operational impact within their organizations. This calls for a departure from traditional, insular security approaches towards a partnership model that aligns security initiatives with business growth and value. By adopting an attitude of listening, humility, and interdisciplinary collaboration, CISOs can transcend fear-based justifications for investment and instead, demonstrate how robust cyber security measures contribute to the overall health and success of the business. Such an evolution in the CISO role is essential for building resilient, forward-looking organizations that view security as a cornerstone of their strategic endeavors. In the combined context of Resilience and Reputation and Trust, CISOs must orchestrate a delicate balance between robust defensive measures and the cultivation of a strong, trustworthy brand. At this juncture, resilience becomes more than just a technical safeguard; it is about ensuring the continuity and reliability that stakeholders have come to expect. This reliability directly feeds into the organization's reputation, setting the stage for trust to be the cornerstone of all engagements—internal and external. The journey from a reactive security posture to one that is proactive and business-aligned requires that CISOs embed security consciousness into the corporate DNA. As they reach these advanced stages, CISOs transform their roles from protectors to strategic enablers, guiding their organizations through the digital landscape with a clear vision for safeguarding and enhancing both operational fortitude and brand integrity. Security thus becomes an integral part of the value proposition, fostering trust and loyalty among customers, and cementing the organization's reputation as a leader in responsible business practices in the digital age. Segment Resources: Webcast: https://www.scmagazine.com/cybercast/the-regulatory-landscape-in-2030-what-you-need-to-know Podcast (Enterprise Security Weekly): https://www.scmagazine.com/podcast-segment/11416-the-rise-of-regops-the-need-for-compliance-automation-travis-howerton-esw-313 News/interview: https://www.scmagazine.com/news/generative-ai-not-just-revolutionary-but-evolutionary This segment is sponsored by RegScale. Visit https://cisostoriespodcast.com/regscale to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-184

With the vast number of cybersecurity solutions in the marketplace, how do you identify what fits with your company’s strategic goals, then deploy and scale in a reasonable timeframe? Hear a CISO who has built a methodology for assessing and implementing new security technologies and successfully used it at several large global enterprises. Segment Resources: Webcast: https://www.scmagazine.com/cybercast/the-regulatory-landscape-in-2030-what-you-need-to-know Podcast (Enterprise Security Weekly): https://www.scmagazine.com/podcast-segment/11416-the-rise-of-regops-the-need-for-compliance-automation-travis-howerton-esw-313 News/interview: https://www.scmagazine.com/news/generative-ai-not-just-revolutionary-but-evolutionary This segment is sponsored by RegScale. Visit https://cisostoriespodcast.com/regscale to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-183