CISO Tradecraft®

G Mark Hardy & Ross Young
Jun 18, 2021 • 42min

#34 - Metrics that Matter

What is measured gets done. However, before you measure you need to think about how best to measure. On this episode of CISO Tradecraft, we provide you new insights into optimizing metrics that matter.

What is a Metric? Metrics drive outcomes. Before picking a metric consider the following:
- What data is required?
- What stories can it tell?
- What questions does it invite?
- How sustainable is it?

When you report metrics highlight three things:
- Status or Measure - Where is your company right now?
- Trends - What direction is your company headed?
- Goals - A description of where your company wants to be

Goals or Metrics should be SMART: Specific, Measurable, Achievable, Realistic, and Time-based.

For a helpful list of metrics that you might consider, please check out the following list from Security Scorecard. Thank you again to our sponsor CyberArk; please check out their CISO Reports.
Jun 11, 2021 • 44min

#33 - 10 Steps to Cyber Incident Response Playbooks

On this episode of CISO Tradecraft, you can learn the 10 steps to Incident Response Planning:
1. Establish a Cyber Incident Response Team
2. Develop a 24/7 Contact List for Response Personnel
3. Compile Key Documentation of Business-Critical Networks and Systems
4. Identify Response Partners and Establish Mutual Assistance Agreements
5. Develop Technical Response Procedures for Incident Handling that your team can follow:
   - External Media - An alert identifies someone plugged in a removable USB or external device
   - Attrition - An alert identifies brute force techniques to compromise systems, networks, or applications (example: attackers trying thousands of passwords on login pages)
   - Web - A Web Application Firewall alert shows attacks carried out against your website or web-based application
   - Email - A user reports phishing attacks with a malicious link or attachment
   - Impersonation - An attack that inserts malicious processes into something benign (example: rogue access point found on company property)
   - Improper Usage - Attack stemming from user violation of the IT policies (example: employee installs file sharing software on a company laptop)
   - Physical Loss - Loss or theft of a physical device (example: employee loses their luggage containing a company laptop)
6. Classify the Severity of the Cyber Incident
7. Develop Strategic Communication Procedures
8. Develop Legal Response Procedures
9. Obtain CEO or Senior Executive Buy-In and Sign-off
10. Exercise the Plan, Train Staff, and Update the Plan Regularly

To learn more about Incident Response Planning, CISO Tradecraft recommends reading this helpful document from the American Public Power Association. If you would like to automate security reviews of infrastructure-as-code, then please check out Indeni CloudRail.
Jun 4, 2021 • 44min

#32 - Brace for Incident (with Bryan Murphy)

Special Thanks to our podcast Sponsor, CyberArk.

Experienced CISOs know that it's not a matter of if, but when. Incidents happen, and there is an established response strategy nicknamed PICERL that works:
- (P)reparation
- (I)dentification
- (C)ontainment
- (E)radication
- (R)ecovery
- (L)essons Learned

If we "shift left" with our incident planning, we can minimize our organizational risk -- thorough preparation, including establishing an environment of least privilege, significantly increases the challenge for an attacker, buys us time to identify early, and limits the damage potential from an incident.

This episode features Bryan Murphy, the Incident Response team leader at CyberArk. His insights from managing dozens of responses are invaluable, and they are now yours through this special episode.
May 28, 2021 • 37min

#31 - Executive Order on Improving the Nation’s Cybersecurity

On this episode of CISO Tradecraft, you can learn about the new Executive Order on Improving the Nation's Cybersecurity. The episode provides a brief background on three security incidents which have influenced the Biden administration:
- SolarWinds
- Microsoft Exchange Servers
- Colonial Pipeline Attack

The episode then overviews the various sections of the new Executive Order:
- Policy
- Removing Barriers to Sharing Threat Information
- Modernizing Federal Government Cybersecurity
- Enhancing Software Supply Chain Security
- Establish a Cyber Safety Review Board
- Standardizing the Federal Government’s Playbook for Responding to Cybersecurity Vulnerabilities and Incidents
- Improving Detection of Cybersecurity Vulnerabilities and Incidents on Federal Government Networks
- Improving the Federal Government’s Investigative and Remediation Capabilities
- National Security Systems

Thanks to CyberArk for sponsoring this episode. Please check out CyberArk's new conference.
May 21, 2021 • 43min

#30 - Cloud Drift (with Yoni Leitersdorf)

This episode is sponsored by Indeni.

On this episode of CISO Tradecraft, G Mark Hardy discusses with Yoni Leitersdorf (CEO and CISO of Indeni) the risks which can occur in a cloud environment after it has been provisioned. Essentially, it's quite common for organizations to change their cloud environment from what was declared in a Terraform or CloudFormation script. These unapproved cloud changes, or Cloud Drift, often create harmful misconfigurations and have the potential to create data loss events.

The podcast discusses the pros and cons of two key approaches to solve the Cloud Drift problem:
- Static Security Testing in a build pipeline
- Runtime Inventory Approaches

The podcast features Yoni Leitersdorf. Yoni founded a company (Indeni) to address Cloud Drift and discusses the business point of view of why this is a critical concern for the business. If you would like to learn more about what Yoni is working on, please check out Indeni. Yoni Leitersdorf can also be found on LinkedIn and Twitter.
May 14, 2021 • 45min

#29 - Identity and Access Management is the New Perimeter

Identity is the New Perimeter. On this episode of CISO Tradecraft you will increase your understanding of Identity and Access Management. Key topics include:
- Audit Trail
- Authentication
- Authorization
- Identity Compromise
- Least Privilege
- Microsegmentation
- Multi Factor Authentication (MFA)
- Privileged Access/Account Management (PAM)
- Role Based Access Control (RBAC)
- Single Sign On (SSO)
May 8, 2021 • 44min

#28 - AI and ML and How to Tell When Vendors Are Full of It

Have you ever heard a vendor claim software features such as Artificial Intelligence (AI) or Machine Learning (ML)? What does that mean? On this episode we answer those questions so you know when vendors are full of it. Topics include:
- Common reasons to use Artificial Intelligence
- Types of Artificial Intelligence
- What Machine Learning is
- How Machine Learning works
- How to select the right algorithm

References:
- How to Select Machine Learning Algorithms
- ML Algorithm Cheat Sheet
- 63 Machine Learning Algorithms
May 1, 2021 • 5min

#27 - Roses, Buds, & Thorns

Today, CISO Tradecraft hosts a 5 minute discussion to talk about reflection. The concept is Roses, Buds, and Thorns. It’s an exercise designed to identify opportunities to make positive change.
- Roses - What’s working
- Buds - What are new ideas
- Thorns - What do we need to stop

If you would like to learn more, please check out the article from MITRE. We would love to hear your feedback here.

Thank you,
CISO Tradecraft
Apr 23, 2021 • 45min

#26 - Blockchain for CISOs

On this episode of CISO Tradecraft we dive into the world of blockchain. As a CISO you may be expected to explain to executives what the technology does and possibly how it works. Here's your briefing to make you successful. We'll cover:
- History of money and birth of bitcoin
- Why blockchain uniquely solves an age-old trust problem
- Potential business uses of blockchain technology
- Smart contracts and why they work
- Blockchain variants such as private and permissioned

https://www.cisotradecraft.com
Apr 16, 2021 • 45min

#25 - Slay the Dragon or Save the Princess?

On this episode, CISO Tradecraft continues the Ransomware Discussion. Do you slay the dragon (avoid the ransom) or save the princess (recover your files)? Talking points include:
- Background on Ransomware
- What if we choose to pay a ransom?
- Is the Ransomware on the sanctions list?
- Negotiation/Payments
- Involving Law Enforcement
- Involving Legal Counsel
- Dealing with Cryptocurrencies