Business Security Weekly (Audio)

Application, user, and data security are the three core components of every security program, but data is really what attackers want. In order to protect that data, we need to know where it is and what it's used for. Easier said than done. In this Say Easy, Do Hard segment, we tackle data inventory and classification. In part 1, we discuss the challenges of data inventory and classification, including: identifying all data sources within an organization, including databases, applications, cloud storage, physical files, etc., and documenting details like data type, location, and volume categorizing all data based on its sensitivity level, usually using classifications like "public," "internal," "confidential," or "restricted," which determines the necessary security measures to protect it prioritizing security measures and protecting critical information more effectively Application, user, and data security are the three core components of every security program, but data is really what attackers want. In order to protect that data, we need to know where it is and what it's used for. Easier said than done. In this Say Easy, Do Hard segment, we tackle data inventory and classification. In part 2, we discuss the steps involved in data inventory and classification, including: Data discovery: Identify all data sources across the organization using data mapping tools. Data profiling: Analyze data attributes to understand its content and characteristics. Data classification: Assign appropriate sensitivity levels to each data set based on predefined criteria. Data tagging: Label data assets with their classification level for easy identification. Data ownership assignment: Determine who is responsible for managing each data set. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-383

02-19

53:38

This week, we tackle a ton of leadership and communications articles: Why CISOs and Boards Must Speak the Same Language on Cybersecurity, The Hidden Costs of Not Having a Strong Cybersecurity Leader, Why Cybersecurity Is Everyone’s Responsibility, Leadership is an Action, not a Position, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-382

02-12

54:07

From online banking to mobile payments, nearly every aspect of our financial lives relies on digital systems. This reliance has brought incredible convenience, but it also means that any disruption — whether due to cyberattacks, system failures, or operational incidents— can have severe consequences.    The Digital Operational Resilience Act (DORA) provides the framework to ensure that financial entities have robust measures to withstand and recover from disruptions. By addressing vulnerabilities in this highly digitized ecosystem, DORA not only protects financial institutions but also safeguards the stability and well-being of the European society as a whole. Madelein van der Hout, Senior Analyst at Forrester, joins Business Security Weekly to discuss why DORA is important, how prepared financial institutions are, the consequences of failing to comply, and the impact these regulations will have outside of the EU, including fines up to 2% of global annual turnover or €10 million—whichever is higher. In the leadership and communications segment, Cybersecurity Responsibilities Across the C-Suite: A Breakdown for Every Executive, Humble Leaders Inspire Others to Step Up, Effective Communication in the Workplace, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-381

02-05

01:02:04

The last five weeks have seen a flurry of news on Artificial Intelligence, especially this last week. It started on December 17, 2024 when the Bipartisan House Task Force on Artificial Intelligence (AI) released a report on “[g]uiding principles, forward-looking recommendations, and policy proposals to ensure America continues to lead the world in responsible AI innovation.” Then a new administration, which: revoked more than 50 prior executive orders, including Executive Order 14110 of October 30, 2023 (Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence). announced a private-sector $500 billion investment in AI infrastructure tasked federal agencies with drafting a new AI action plan within 180 days signed an executive order on developing artificial intelligence ‘free from ideological bias’ The Business Security Weekly crew tries to make sense of it all. In the leadership and communications segment, How CISOs can elevate cybersecurity in boardroom discussions, Nearly half of CISOs now report to CEOs, showing their rising influence, Steve Jobs Shared 1 Crystal Clear Way You'll Spot an Exceptional Leader, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-380

01-29

44:38

Becoming a CISO is a lofty goal for many security and risk pros, and the role brings new sets of challenges. CISOs who accept the wrong opportunities will be forced to conform, rather than excel, and take on outsized liability for the scope of responsibilities. Jeff Pollard, Vice-President, Principal Analyst on the Security and Risk Team, and Jess Burn, Principal Analyst, both from Forrester Research join Business Security Weekly to discuss The Future Of The CISO report. This report outlines the six most common types of CISOs based on Forrester Research and interactions with security leaders, including the characteristics and competencies of each type. This report helps security leaders define who they are, their values, and optimal situations for their skill set. Jeff Pollard, Vice-President, Principal Analyst on the Security and Risk Team, and Jess Burn, Principal Analyst, both from Forrester Research join Business Security Weekly to discuss the second part of The Future Of The CISO report. What if you don't like the future of the CISO role and want to get out? The report also provides guidance on what comes after the CISO role, as leaders contemplate the next step in their career. If you think it's a board role, you better know what skills are needed, as cybersecurity by itself is not enough. Join in for part 2. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-379

01-22

59:41

In the leadership and communications segment, New Year, New Cyber Threats: How Boards Are Stepping Up (or Not), Why CISOs should build stronger bonds with the legal function in 2025, New Managers: You Don’t Need to Know It All, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-378

01-15

36:18

Data is the fastest growing enterprise attack surface, and is projected to surpass 181 Zettabytes in 2025. Couple data growth with the growing demands of Artificial Intelligence, and the attack surface expands even more. How should organizations adapt their security programs to safeguard their data? Lamont Orange, Chief Information Security Officer at Cyera, joins Business Security Weekly to help you solve your biggest data security challenges. By starting with inventory and classification, data access review can help you answer your biggest data security questions, including: what data you have, where it's stored, who, or what, can access it, and which data risks exist. In the leadership and communications segment, The Business of Cybersecurity: The CISO’s Role in Alignment and Pervasive Governance, CISO Priorities for 2025: Budget Wisely, How Do I Position Myself to Influence Senior Leadership?, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-377

01-08

57:45

Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on January 3, 2023. With the current macro economic head winds, 2023 budgets are either frozen or are flat. Where should CISOs focus these limited budgets to maximize the most out of their security program? In this segment, we invite Jon Fredrickson, Chief Risk Officer at Blue Cross Blue Shield of Rhode Island, to debate what should be in your minimum viable security program. This segment is part 2 and focuses on the minimum viable security vendors for our top 6 capabilities: Asset Management Patch Management IAM/MFA/PIM/PAM EDR/MDR/XDR Backup/Recovery Risk Management Show Notes: https://securityweekly.com/vault-bsw-16

12-30

47:30

Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on January 3, 2023. With the current macro economic head winds, 2023 budgets are either frozen or are flat. Where should CISOs focus these limited budgets to maximize the most out of their security program? In this segment, we invite Jon Fredrickson, Chief Risk Officer at Blue Cross Blue Shield of Rhode Island, to debate what should be in your minimum viable security program. This segment is part 1 of 2 parts and focuses on the minimum viable security capabilities. Show Notes: https://securityweekly.com/vault-bsw-15

12-23

27:14

The local network is no more. Neither is the corporate firewall. Users are not only working from the office but also remotely, meaning the network we utilize has quickly become the internet, leaving devices and data vulnerable to cyber threats. But how do we monitor this new, expanded network? Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss how the dissolution of the business perimeter makes network access controls essential to protect your devices and, by extension, your data. Network Access Control helps protect business assets whether employees are in the office or remote. ThreatLocker Network Control provides a direct connection between the client and server, as opposed to a VPN that goes through a central point. This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! In the leadership and communications segment, CISOs need to consider the personal risks associated with their role, CISOs: Don’t rely solely on technical defences in 2025, The Questions Leaders Need to Be Asking Themselve, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-376

12-17

55:41

For over 15 years, Okta has led the charge in securing digital identities through more sophisticated sign-in solutions. Our latest 2024 Secure Sign-In Trends Report offers insights into the rapidly evolving world of identity security, specifically on how organizations across industries are embracing modern, phishing-resistant methods like Multi-Factor Authentication (MFA) and passwordless sign-ins. In this year's report, we explore: - The surge in MFA adoption across industries, and what it means for the future of secure authentication. - Phishing-resistant authentication methods gaining traction, signaling that the passwordless future is possible. - Why a seamless user experience and strong security are no longer in opposition. - How industries compare in their adoption of modern authentication, and who's setting the pace. Segment Resources: Secure Sign-In Trends Full Report: https://www.okta.com/resources/whitepaper-the-secure-sign-in-trends-report/ Todd McKinnon Blog on the Secure Sign-In Trends Report: https://www.okta.com/blog/2024/10/phishing-resistant-mfa-shows-great-momentum/ This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them! In the leadership and communications segment, How Good Leaders Become Great By Never Leading Alone, How Leaders Can Prepare Their Teams For 2025, Nervous About Public Speaking? Here’s How to Use Notes Like a Pro, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-375

12-10

59:34

This week, it's time for Security Money. Of course Okta should be in the Security Weekly 25 Index, Duh! Here are all the companies that now comprise the index: SCWX Secureworks Corp PANW Palo Alto Networks Inc CHKP Check Point Software Technologies Ltd. RBRK Rubrik Inc GEN Gen Digital Inc FTNT Fortinet Inc AKAM Akamai Technologies, Inc. FFIV F5 Inc ZS Zscaler Inc OSPN Onespan Inc LDOS Leidos Holdings Inc QLYS Qualys Inc VRNT Verint Systems Inc. CYBR Cyberark Software Ltd TENB Tenable Holdings Inc OKTA Okta Inc S SentinelOne Inc NET Cloudflare Inc CRWD Crowdstrike Holdings Inc NTCT NetScout Systems, Inc. VRNS Varonis Systems Inc RPD Rapid7 Inc FSLY Fastly Inc RDWR Radware Ltd ATEN A10 Networks Inc In the leadership and communications segment, Should the CISO Role Be Split?, CISO's tips for building a culture of cybersecurity, Personal Leadership and Cyber Risk — Top 3 Traits that Deliver Enterprise Level Results, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-374

12-03

51:48

Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on Jan 24, 2023. Richard Seiersen and our guest, Doug Hubbard, are finishing the second edition of How to Measure Anything in Cybersecurity Risk. Doug is here to share the success of the first edition and preview the second edition. With more insights, the second edition will share more more research data, free tools, and new concepts like FrankenSME. If you're a risk management professional or want to learn more about risk management, don't miss this interview. Show Notes: https://securityweekly.com/vault-bsw-14

11-25

37:40

The Sarbanes-Oxley (SOX) Act was a watershed moment in corporate governance, fundamentally altering how companies approached financial reporting and internal operational controls. By holding executives personally accountable for the accuracy of financial reports, SOX restored investor confidence in the wake of corporate malfeasance. The SEC's new cybersecurity rule represents a similar pursuit to restore investor confidence — this time for the digital age, centered on integrating cybersecurity into overall risk management. Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins Business Security Weekly to discuss the similarities between SOX and SEC's Cyber Rule. The SEC's cybersecurity rule introduced several vital requirements that build on the principles established by SOX, including: Companies must report material cybersecurity incidents on Form 8-K, ensuring timely and transparent disclosure to investors. Companies must provide regular updates on their cybersecurity risk management policies, the role of management in implementing these policies and the board's oversight of cybersecurity risks. The rule encourages companies to disclose the cybersecurity expertise of their board members, highlighting the importance of informed oversight in managing cyber risks. The rule requires cybersecurity disclosures to be presented in Inline Extensible Business Reporting Language, or Inline XBRL, ensuring consistency and comparability across filings. This segment is sponsored by CyberSaint . Visit https://securityweekly.com/cybersaint to learn more about them! In the leadership and communications segment, Insurance Firm Introduces Liability Coverage for CISOs, How to Navigate a Leadership Transition, Has the Cybersecurity Workforce Peaked? and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-373

11-19

47:25

Stress in cybersecurity is an industrywide problem. The CISO role is one of the most stressful in any organization. And the stress levels are at an all time high, leading to a mental health crisis. How should CISOs cope with this stress and improve their mental health? Ram Movva, CEO & Founder at Securin, joins Business Security Weekly to discuss the CISO challenges leading to this increased stress and how to cope. Ram will discuss how networking, peer groups, and trusted partners can help CISOs deal with stress and improve their overall mental health. In the leadership and communications segment, Managing Cybersecurity Stress: A Deep Dive into the 93% CISO Burnout Rate, How to Win at Cyber by Influencing People, Boost Your Team’s Productivity by Hiring Force Multiplier, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw-372