How do you define cybersecurity?
In this week of Life of a CISO, Dr. Eric Cole discusses the responsibilities of a CISO in times of crisis. A CISO must be vigilant about attacks.
But what makes a CISO different from a technical engineer is that he can communicate with the executives in a language they will understand about how to balance this risk with functionality, rather than rigidly going for 100% security at the expense of functionality.
Join Dr. Cole to learn how to find the balance necessary to become a World Class CISO.
In this episode:
- 0:59 Are you communicating in a way that people understand?
- 1:33 How I made Cyber Crisis an effective book on communication for executives
- 4:43 What is the definition of cybersecurity?
- 6:02 Cybersecurity is understanding, managing, and mitigating the risk of critical data being disclosed, altered, or denied access to.
- 6:56 Risk, critical data, and CIA (Confidentiality/Integrity/Availability)
- 8:48 Conversations with the executive team are critical
- 9:52 You produce the list and let them modify and change it
- 11:52 Do it in a meeting, not over email
- 14:50 Risk is the probability of loss
- 18:25 Switching between technical and executive
- 20:29 Most CISOs stop at risk and confidentiality
- 21:07 Why availability is crucial
- 24:40 33/33/33
- 27:09 Give yourself an honest report card