2021 CISO Strategic Plan And Best Practices

In today’s episode of Life of a CISO, Dr. Eric Cole gives another review of the basic definition of strategy.

Dr. Eric Cole returns to this topic repeatedly because strategy is not a one-dimensional concept whose definition you can learn once and never need to revisit.

Listen to this episode to better understand the different contexts of Dr. Cole’s teaching on strategy.

In this episode:

  • 0:00 Intro
  • 0:20 A CISO focuses on strategy
  • 1:28 Executives focus on growing the organization
  • 1:59 Cookie cutter security doesn’t work
  • 2:47 It’s much easier for me to tell you the answer, but you have to own it
  • 3:36 Security must be a business enabler
  • 4:33 Can having unpatched servers be a good thing?
  • 6:00 The world is not perfect.
  • 7:12 Always put monetary values on everything
  • 7:35 My predictions are right…but the time is wrong
  • 8:00 Stop using emails to transfer files
  • 10:12 Most phishing attacks are unexpected
  • 11:20 Old habits die hard
  • 12:42 There is always resistance to change, and here’s why
  • 14:55 The solution is comparative, accurate data
  • 17:17 How I present my budget and risks every year: one chart
  • 18:12 What is the risk, likelihood, cost of a breach and cost to fix it?
  • 18:35 If the execs don’t listen to you, say “what is the current loss today.”
  • 18:54 Do you know the definition of cybersecurity?
  • 21:37 Always ask the risks
  • 21:50 What is critical data
  • 22:00 How do we divide the budget on the CIA triad?
  • 22:28 Train executives to ask the second question
  • 25:34 Execs only ask the value and benefit, not the risk
  • 26:42 Have an acceptable level of risk
  • 28:13 The VP has the authority to override the CISO
  • 29:49 Wrap up