BreachExchange mailing list archives
5 Questions CISOs Should Ask Themselves
From: Destry Winant <destry () riskbasedsecurity com>
Date: Mon, 8 Apr 2019 03:11:01 -0500
https://www.cisomag.com/5-questions-cisos-should-ask-themselves/

CISOs are the cornerstone for managing the high-level risks of data security, which means they've got a lot on their plates. Detecting, responding to, and protecting against threats requires them to maintain compliance standards, select a strategic mix of technologies, manage a strong security team, and empower the company's broader workforce to act effectively. (No pressure, right?) The good news for CISOs is that they're not alone; there are tools that can help. Here are five questions CISOs should ask themselves to make sure they have the right tools and systems in place to better protect their company's data, people, and reputation.

How much of our cyber approach is dedicated to proactive threat hunting vs. ongoing response?

As any C-level executive working in 2019 can tell you, simply waiting for incidents to bubble up no longer holds water. Organizations are realizing that proactive threat hunting is the key to stronger protection and a better understanding of their vulnerabilities. But for many, dedicating headcount to threat hunting rather than incident response is not always possible. Putting out the biggest fires will always be necessary, but when those fires consume the majority of a team's time, few resources are left to proactively look for weaknesses in the organization. A security platform that consolidates and contextualizes all endpoint and server events can enable smaller teams to handle both threat hunting and quick incident response.

How often does alert fatigue impact our team's ability to fully investigate events?

Alarm fatigue is real. We see it in our personal lives, in healthcare, and in just about every mode of transportation, and the consequences can be dire. Cybersecurity is not immune. As UBA, DLP, and EDR technologies grow more sophisticated, the number of alerts, false positives, and notifications will continue to overwhelm security teams (nine out of ten security practitioners report an inability to triage all potential threats). In an IT security survey by the Ponemon Institute, more than 37 percent of respondents reported facing more than 10,000 alerts per day, and more than half of those alerts were false positives. What happens when there is not enough time in the day to address every alert and an actual attack is overlooked?

Have we asked vendors the hard questions about their machine learning and AI?

If you're playing buzzword Bingo while reviewing your vendors, it won't take long to hit a winner. But a vendor that has slapped "machine learning" onto its platform and one that has built tools in which machine learning continually improves efficiency are two very different things. Ask your vendors the hard questions: Explain your algorithms in detail. What specific trends and patterns are targeted? Does the tool capture its own data? If not, how do you determine the reliability of the data? How do your algorithms react to imperfect data? And can you show me how it really works? Dig deeper and it will quickly become clear when machine learning offers true value and when it is simply marketing speak.

Have I checked all of the boxes for GDPR compliance?

The last year has been the most compliance-focused in the industry's short (albeit intense) history. As a result, security teams have had to shift time and resources to keep pace with new regulations. Fellow executives no longer ask their CISO "Are we secure?"; they now ask "How much will we be fined if we're breached?" GDPR has brought an additional set of regulations, expectations, and opinions to the industry.

"Quietly working out a plan will no longer be an option." – Jacek Materna, on GDPR

Article 30 requires controllers and processors to maintain records of their processing activities and to make those records available to the supervisory authority on request, and the 72-hour breach notification window of Article 33 adds urgency to identifying the who and the what in a short amount of time. This means two things: you need to collect a lot of data on your users, and you need to be able to find it quickly. Can your team do both today?

When (not if) a breach occurs, how quickly could we respond and control the damage?

Managing day-to-day threat response across numerous platforms is a headache. When a breach occurs, that headache becomes a migraine. If you're one of the companies suffering from the growing security talent shortage, allocating additional resources to respond to a breach is not always an option. Consolidated endpoint and server visibility is crucial to minimizing time to resolution and containing the impact of the breach. But above all else, technologies must enable you to get the most out of the resources you have available today to ensure the fastest recovery.

_______________________________________________
BreachExchange mailing list sponsored by Risk Based Security
BreachExchange () lists riskbasedsecurity com
If you wish to Edit your membership or Unsubscribe you can do so at the following link:
https://lists.riskbasedsecurity.com/listinfo/breachexchange