Defense in Depth

David Spark, Steve Zalewski, Geoff Belknap
Feb 21, 2019 • 25min

Secure Controls Framework

Defense in Depth is available at CISOSeries.com. Is the "free to use" Secure Controls Framework the one meta-framework to rule them all? Check out this post and discussion for the basis of our conversation on this week's episode, which is co-hosted by me, David Spark (@dspark), the creator of CISO Series, and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest is Tom Cornelius, founder and contributor of the Secure Controls Framework (SCF) (@scf_support).

Thanks to this week's podcast sponsor, SpyCloud. Learn more about how you can protect employees and customers from account takeover with SpyCloud.

On this episode of Defense in Depth, you'll learn:
- The purpose of the Secure Controls Framework is to have a single framework that addresses multiple requirements. It's a meta-framework that takes into consideration the controls of all other frameworks.
- You only need to use the security controls that are important and relevant to you. For that reason, don't be daunted by the number of controls in SCF (currently 750).
- You can have security without privacy, but you can't have privacy without security. Integrating privacy and security is critical to SCF.
Feb 14, 2019 • 21min

Insider Threats

Defense in Depth is available at CISOSeries.com. Is your own staff the greatest threat to the security of your company? On this episode of Defense in Depth we discuss protecting your business from itself. Check out this post and discussion for the basis of our conversation on this week's episode, which is co-hosted by me, David Spark (@dspark), the creator of CISO Series, and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest is Vijay Bolina (@_jamesbaud_), CISO, Blackhawk Network.

Thanks to this week's podcast sponsor, Fluency Security: Fluency's correlation and risk scoring technology, combined with their approach of using pseudonyms in place of certain PII data, greatly facilitates your organization's path towards compliance. Over time, machine learning and artificial intelligence algorithms detect anomalies at an impressive level of scalability. Run Fluency as a standalone or integrate it into your existing SIEM. Learn more by visiting us at booth #4529 at the RSA® Conference 2019.

On this episode of Defense in Depth, you'll learn:
- Nearly 1 in 5 people would sell their health record for $500. (source)
- Insider threat mistakes can take many forms. It could be someone carelessly leaving a USB key somewhere, or it could be a developer simply not securing their code.
- Security people make mistakes just like non-security people. The difference is that when a security person makes a mistake, chances are the gravity of the damage will be much higher.
- A breach doesn't necessarily have to damage the company. A breach simply means data left your protected area of the business. And that is still bad even if there was no actual damage.
Feb 7, 2019 • 24min

Building an Information Security Council

Defense in Depth is part of the CISO Series network, which can be found at CISOSeries.com. Security for the business affects everyone and all departments. On this episode of Defense in Depth we discuss the values and difficulties of building an information security council. Check out this post and discussion for the basis of our conversation on this week's episode, which is co-hosted by me, David Spark (@dspark), the creator of CISO Series, and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest is Nick Espinosa (@NickAEsp), host of the nationally syndicated show The Deep Dive with Nick Espinosa; his daily podcast is called Nick's Nerd News Daily. Find Nick on Facebook, YouTube, and in his articles on Forbes.

Thanks to this week's podcast sponsor, Fluency Security: Fluency's correlation and risk scoring technology, combined with their approach of using pseudonyms in place of certain PII data, greatly facilitates your organization's path towards compliance. Over time, machine learning and artificial intelligence algorithms detect anomalies at an impressive level of scalability. Run Fluency as a standalone or integrate it into your existing SIEM. Learn more by visiting us at booth #4529 at the RSA® Conference 2019.

On this episode of Defense in Depth, you'll learn:
- A good starting point for building an information security council is to develop a business continuity and disaster recovery plan with all departments and stakeholders.
- Understand the risk tolerance of each division.
- A well-informed information security council can often benefit from less security training.
- The number one battle in developing an InfoSec council is never technical. It is always cultural.
- You need to create a culture of not shaming people for making mistakes that compromise security. You want employees to feel free to speak up if they do make a mistake.
Jan 31, 2019 • 29min

Privacy

Will the privacy outcry and new regulations limit companies' abilities to do business, or will they spawn a whole new industry? We discuss building a business in the new age of privacy regulations on this week's Defense in Depth.

Chris Jordan, CEO, Fluency Security

This episode of Defense in Depth is co-hosted by me, David Spark (@dspark), the creator of CISO Series, and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our sponsored guest is Chris Jordan, CEO of Fluency Security.

Thanks to this week's podcast sponsor, Fluency Security: Fluency's correlation and risk scoring technology, combined with their approach of using pseudonyms in place of certain PII data, greatly facilitates your organization's path towards compliance. Over time, machine learning and artificial intelligence algorithms detect anomalies at an impressive level of scalability. Run Fluency as a standalone or integrate it into your existing SIEM. Learn more by visiting us at booth #4529 at the RSA® Conference 2019.

On this episode of Defense in Depth, you'll learn:
- While new privacy regulations may hamper a company's ability to collect and sell any data they want, they don't necessarily stifle the economy. For example, the introduction of HIPAA regulations spawned a growing industry.
- DuckDuckGo is a search engine that doesn't collect your browsing history to determine your search results.
- Even if you are very protective of your data, the people around you probably aren't. Through relationships and triangulation, a profile of you, sans your personal data, can still be created.
- Because of this ability to triangulate data, your employees' personal data outside of work can become a risk to your company.
Jan 23, 2019 • 24min

Security Metrics

Defense in Depth is part of the CISO Series network, which can be found at CISOSeries.com. What are the most important metrics to measure when building out your security program? One thing we learned on this episode is that those metrics change as your security program matures. This episode of Defense in Depth is co-hosted by me, David Spark (@dspark), the creator of CISO Series, and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest is my co-host of the other show, Mike Johnson, CISO of Lyft.

Fluency's correlation and risk scoring technology, combined with their approach of using pseudonyms in place of certain PII data, greatly facilitates your organization's path towards compliance. Over time, machine learning and artificial intelligence algorithms detect anomalies at an impressive level of scalability. Run Fluency as a standalone or integrate it into your existing SIEM. Learn more by visiting us at booth #4529 at the RSA® Conference 2019.

On this episode of Defense in Depth, you'll learn:
- There is no golden set of security metrics. The metrics you use to measure your security program this year won't necessarily be the same ones you use next year.
- Use the NIST model to determine your security program maturity.
- Unlike B2C companies, B2B companies can use metrics to build a closer tie between security and the business.
- Regulations and certifications are one easy way to align security with the business.
Jan 21, 2019 • 34sec

Welcome to Defense in Depth

Just a quick welcome message to this weekly show covering controversial and confusing topics in cybersecurity.