Back to (Cybersecurity) Basics
In this episode of Life of a CISO, Dr. Eric Cole reviews the basics of cybersecurity.
It is inevitable that breaches will occur.
The job of a CISO is to make sure that those breaches are small, observed and fixed quickly, and contain no critical data.
If you do not follow the most basic rules of cybersecurity, it doesn’t matter if your adversary is a state-actor with a large budget or a teenager in his basement, you will be breached.
Listen to this episode and learn the basics of cybersecurity.
In this episode:
- 0:22 Back to the basics with cyber security
- 1:21 Advanced cyber attacks today aren’t actually that advanced
- 1:41 Quick review: what is cyber security?
- 2:51 3 things: Managing risk, understanding/protecting/controlling data, C.I.A.
- 3:33 Risk is the probability of loss
- 4:02 What part of the risk formula can you control?
- 5:25 Making easy fixes works until it doesn’t work because it’s not effective
- 7:25 One page in 3 columns
- 9:38 Look for patterns
- 10:06 The 1st rule of security
- 11:52 I prefer it be patched within 5 days
- 12:28 Do patching systems break them?
- 13:41 Executives are making dangerous decisions
- 17:31 Any system accessible must be patched, cannot contain critical data. EVER.
- 18:30 Don’t change the rules
- 19:15 About critical infrastructure
- 22:17 On automation
- 22:45 Remote access
- 23:45 There is no such thing as a “virtual air gap.”