- Security by obscurity is not security but a fallacy
- PLCs lack programming interfaces for solid password authentication and overall security
- https://www.youtube.com/watch?v=KTKRjvTgTQI&feature=youtu.be
- https://www.youtube.com/watch?v=t4u3nJDXwes&feature=youtu.be
- Incident Response
  - Availability – does not mean a fire extinguisher everywhere
  - Budget – there will be unexpected costs
  - Collaborate – with all groups and roles, with frequency
  - Plan – for chaos
  - Pay ransom sometimes (70% do and 20% pay over $40K), when you don't have backups or can't recover in time
- Security awareness strategy answers who, what and how – make it simple and don’t assume
- Uptick in healthcare attacks
- Must lead without authority
- Machine Learning is the wave but is enhanced with GPO to speed up reaction
- 7 factors of organizational management
  - Gain command of the facts
  - Get the business to own risk
  - Embrace the change agent role
  - Run InfoSec like a business
  - Build a technical and business capable team
  - Communicate the value
  - Organize for success
- CISO Impact Quotient is a 5-7 year journey before trust and value are seen in and woven into the organization
- Building confidence is your first objective, along with having a plan and tying it back to the most critical business function
- Driver for maturity moves from Compliance, to Solution, to Vulnerability, to Threat modeling/detection focused
- Change your habits and change your life
- 3 critical skills for better decisions and greater influence
  - Self-awareness – clarity in thinking and feeling
  - Deep work – attention management vs. time management
  - Mindfulness and mentalizing
- Mandatory data breach notification is no longer just an option; it includes notifying the Data Protection Agency within 72 hours
- Burden of proof lies in being able to prove (with substance) that unauthorized access/processing did NOT occur
- EU personal data definition is any information related to an identified or identifiable natural person, so it differs from the US’s SSN and Driver’s License Number
- EU fines are 4% of global turnover or €20,000,000
- Practicing fire drills is necessary – hands-on exercises to test incident handling
- A variant of the important trifecta is Speed, Security and Variability (aka cost)
- MARCI chart plots risks along impact and vulnerability, together with the speed of the risk (aka velocity)
- Diversity makes you smart; current role diversity is 31% Boomers, 38% Gen X and 46% Millennials
- Cyber skills shortage continues to rise
- 93% of organizations take just minutes to compromise (Synack)
- Few Good Links
  - Nomoreransom.org for help
  - https://github.com/jzadeh/Aktaion GPO and endpoints
  - github.com/wickett/lambhack serverless security
  - https://rsa2017.iansresearch.com survey
  - www.iamthecavalry.org medical devices
spotlight with Rich (Latayan360@Outlook.com) - espresso to Security Business Leadership - splash of keynote speaker @CISOmd
Wednesday, February 22, 2017
RSAC in a flash – quotes, opinions, trends from some of the presos
No resounding theme this year (compared to last) outside of the words: Ransomware, DDoS, Machine Learning, and overuse of “pivot”