Risk Management in the Cloud Starts with Identities - Eric Kedrosky - BSW #322
Oct 3, 2023
Eric Kedrosky, CISO at Sonrai Security, discusses the importance of addressing identities in cloud risk management. Other topics include challenges faced by CISOs in the cloud environment, educating about cyber risk, challenges in security incident notification, and leadership and communication enhancements.
Risk management in the cloud should address various identity types beyond human identities.
CISO turnover can hinder effective cybersecurity programs; stability and longevity in the role are crucial.
A quantitative model for assessing ransomware attacks can aid decision-making on ransom payment.
Deep dives
Impact of New SEC Regulations on Companies
Companies are starting to feel the pressure of the new SEC regulations, even though they are not in effect yet. The article highlights the case of Clorox, which submitted documentation to the SEC after an incident. It emphasizes the need for organizations to quickly notify the SEC about incidents, even if they don't yet have all the details, and subsequently provide updates as more information becomes available.
Churn in the Chief Information Security Officer (CISO) Role
The constant turnover in the CISO role poses challenges for effective cybersecurity programs. The article discusses the factors contributing to this churn, including scapegoating, lack of board support, stress and burnout, and rapid technology transformations. It emphasizes the importance of organizations and leaders recognizing the value of stability and longevity in the CISO role to ensure successful cybersecurity strategies.
Quantitative Model for Decision-Making on Ransomware Payments
The article presents a quantitative model for assessing ransomware attacks and making decisions regarding ransom payments. It outlines the importance of quantifying the risk and considering various factors before determining whether to pay the ransom. The model provides a structured approach for evaluating the potential financial and operational impacts of ransomware attacks.
Modifications to the VUCA Leadership Model
The article proposes modifications to the VUCA (Volatility, Uncertainty, Complexity, and Ambiguity) leadership model. It suggests using active questioning instead of active listening to facilitate decision-making, optimizing the planner rather than the plan to enhance adaptability, and leveraging an emotional reset to manage fear and anger effectively. These modifications aim to improve leadership effectiveness in dynamic and challenging environments.
Effective Techniques for Leadership and Communication
The article highlights key techniques for improving leadership effectiveness and communication skills. It emphasizes the importance of practicing active listening and reflecting on one's performance regularly. It also encourages cultivating empathy and continuously improving one's skills and approaches. These techniques promote better understanding, collaboration, and decision-making in leadership roles.
As we move more infrastructure into the cloud, the traditional concepts of risk start to change. It's no longer just about networks and servers: risk management also needs to address identities, and not just human identities. Cloud infrastructure introduces additional identity types that need to be addressed as part of your risk management program. Eric Kedrosky, CISO at Sonrai Security, joins us to discuss how to think differently about risk in the cloud.
In the leadership and communications section, The CISO Carousel and its Effect on Enterprise Cybersecurity, CISOs are struggling to get cybersecurity budgets, Respectfully, I Disagree, and more!