Leveraging board governance for cybersecurity

Michael Figueroa, President and Executive Director of the Advanced Cyber Security Center (ACSC), discusses the importance of leveraging board governance in cybersecurity initiatives.

In the podcast, Figueroa and host Chris Sienko discuss:

– Why are so many organizations still unaware of the need for strong unified security planning? (1:44)

– Is this a situation where C-suite members shoulder the burden of security on themselves, or even assume that it’s just IT’s problem and leave it at that? (3:38)

– Tell us about the survey mentioned in the briefing between ACSC member CISOs and CIOs representing organizations from a range of sectors. What were some of the perspectives discussed in this meeting? (5:00)

– Were there any compelling scenarios or real-world examples at the meeting that made for compelling stories? (7:32)

– What should be the first step for an organization that has critically neglected its digital cybersecurity strategy? (9:48)

– What are some steps one can take to make your board more cyber-seasoned, both with planning and day-to-day operations? (13:35)

– What is the role of non-human identities? Do things like service accounts that connect to modular coding components, microservices, software containers and APIs feed into this issue? (14:46)

– In your report, you noted that there is a need “for a risk standard… that would help guide decision making.” What are the first steps that need to be taken to craft such a standard? Has there been any work on this since the release of the report? (17:37)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Hunter Reed. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/fzhe4c49Fs4/