Cybersecurity Assessment Strategies:
What It Means To Protect Your Critical Data
This episode of Life of a CISO has 2 parts.
Part 1 is about an important lesson on priorities.
Part 2 of this episode is dedicated to a review of the definition of cybersecurity.
Once again, cybersecurity is “Understanding, managing, and mitigating the risk of your critical data being disclosed, altered, or denied access to.”
Dr. Eric Cole explains in more detail what critical data is, and gives you the CIA triad for keeping data safe.
Listen to this episode to learn the CIA triad and what it means to protect your critical data.
In this episode:
- 0:00 Welcome to the show
- 0:51 A CISO needs to be strategic, but what about a small business?
- 1:43 Be deliberate with your time
- 2:57 Build a solid routine
- 3:50 The problem is that if you ignore “fires” for three days, you will lose your job.
- 4:44 What if you don’t focus on tactical for 2 weeks?
- 5:20 If you don’t do strategy
- 5:49 Firefighting comes about due to a lack of strategy
- 6:29 Some priorities are non-negotiable
- 8:08 The more you break habits, the easier it is to continue to break them
- 9:24 It’s not cumulative
- 10:08 Plan your time, build the habit, make it non-negotiable
- 10:57 What is cybersecurity?
- 11:33 “Understanding, managing, and mitigating the risk of your critical data being disclosed, altered, or denied access to.”
- 11:54 Last week we covered risk, this week we cover critical data
- 13:16 Data is the currency in cybersecurity
- 13:58 Most of my clients are able to tell me where the critical data is
- 14:25 The problem is we know some of the locations, but not all
- 14:41 “Portable servers” aka laptops
- 15:21 10,000 employees means 40,000+ TB
- 16:05 Home offices are still offices
- 17:21 Pre-Covid, you could manage what comes in and goes out
- 17:48 The solution is location-agnostic thin clients
- 19:03 I see opportunities in COVID-19
- 19:49 To be a great security professional, you have to look big picture
- 20:23 Security is like being an eye doctor
- 21:38 The third piece is the end point
- 22:06 Why thin clients are the most secure
- 22:39 The first problem it solves: patching and updating
- 23:14 Second: The operating system gets rebuilt every login
- 24:04 Third: Data is stored and secured locally
- 25:01 When you’re planning 2021, work with the IT department
- 25:26 Don’t let a few troublemakers get in the way of success
- 27:21 CIA Triad: Confidentiality, Integrity, Availability
- 28:23 The problem is that most people don’t put availability in their definition
- 29:20 The most important thing for an ecommerce site is availability
- 30:57 Make sure you’re aligned with the executives
- 31:48 When organizations are breached, their priorities and budget are misaligned