ISF Podcast S27 Ep4: Steve Durbin & Julie MacDonald - Risky Business: Aligning enterprise strategy with human-centred security
Jul 16, 2024
14:21
Steve recently sat for an interview with veteran journalist Julie MacDonald for a feature with The European. For the next two weeks, we’ll be presenting that conversation in two parts. In the first part, Julie and Steve discuss the regulatory landscape, improving communication across the business, and how enterprises can successfully marry technology with the human element of work.
Key Takeaways:
1. Durbin emphasizes the importance of alignment in creating a culture that supports risk management and growth.
2. MacDonald emphasizes the need for transparency beyond organizational borders, including collaboration with competitors and regulators.
3. Large organizations have resources to keep up with supply chain risks, while midsize and small enterprises struggle.
4. Durbin stresses the need for basic security practices and security awareness training, providing feedback in real-time to help individuals remember what they should have done.
Tune in to hear more about:
1. Cybersecurity risks and how businesses can manage them effectively (0:00)
2. Cybersecurity transparency, regulation, and communication (5:13)
Standout Quotes:
1. “I think for security people, what they have to be better at is understanding the role that security plays in achieving the business objectives, the business strategy, because if they can do that, then suddenly they have the ear of the business. On the other side, from the business perspective, they need to understand the role that technology plays in achieving what they're trying to do. Because technology equals security equals risk.“ - Steve Durbin
2. “If you look at the way in which now, technology is all pervasive, we use different elements of technology to do our jobs. So we may be doing something on our own mobile phone, for instance, which we wouldn't have been doing before. So the importance of security awareness has actually increased significantly. “ - Steve Durbin
Mentioned in this episode:
Key Takeaways:
1. Durbin emphasizes the importance of alignment in creating a culture that supports risk management and growth.
2. MacDonald emphasizes the need for transparency beyond organizational borders, including collaboration with competitors and regulators.
3. Large organizations have resources to keep up with supply chain risks, while midsize and small enterprises struggle.
4. Durbin stresses the need for basic security practices and security awareness training, providing feedback in real-time to help individuals remember what they should have done.
Tune in to hear more about:
1. Cybersecurity risks and how businesses can manage them effectively (0:00)
2. Cybersecurity transparency, regulation, and communication (5:13)
Standout Quotes:
1. “I think for security people, what they have to be better at is understanding the role that security plays in achieving the business objectives, the business strategy, because if they can do that, then suddenly they have the ear of the business. On the other side, from the business perspective, they need to understand the role that technology plays in achieving what they're trying to do. Because technology equals security equals risk.“ - Steve Durbin
2. “If you look at the way in which now, technology is all pervasive, we use different elements of technology to do our jobs. So we may be doing something on our own mobile phone, for instance, which we wouldn't have been doing before. So the importance of security awareness has actually increased significantly. “ - Steve Durbin
Mentioned in this episode:
Read the transcript of this episode
Subscribe to the ISF Podcast wherever you listen to podcasts
Connect with us on LinkedIn and Twitter
From the Information Security Forum, the leading authority on cyber, information security, and risk management.
Subscribe to the ISF Podcast wherever you listen to podcasts
Connect with us on LinkedIn and Twitter
From the Information Security Forum, the leading authority on cyber, information security, and risk management.