Similar Posts
Thinkers360 Predictions Series – 2024 Predictions for Cybersecurity
ByKayne
My prediction for 2024: In response to increasing regulatory burdens and the risk of civil litigation, successful companies in 2024 will lean into enhancements in their compliance operations. They will actively collect and test evidence of security control effectiveness, linking these controls directly to their risks, across all critical assets or systems. This approach ensures companies are confident in accurately describing how well they manage their risk portfolio, including in SEC filings. The automation of compliance operations enables security and audit professionals to spend more time doing the parts of their jobs that they love. Furthermore, as supply chain risks intensify scrutiny of B2B transactions, companies will efficiently repurpose many of their controls and control evidence. This strategy not only allows companies to secure additional attestations or certifications such as ISO or SOC 2 without increasing their workforce, but it also provides a significant competitive business advantage.
Podcast: Virtual CISO Happy Hour: The Scary Truth About Data Privacy
ByKayne
In this live episode of the Virtual CISO Happy Hour, our cybersecurity experts discuss the critical steps companies must take to navigate the complex landscape of data privacy. They discuss the importance of establishing regular data inventories and minimization efforts to ensure that only business-critical information is retained, thereby reducing the attack surface for threat actors.
The conversation shifts to the pitfalls of treating privacy audits as one-off events rather than ongoing processes. Our experts argue for the automation of data control operations and the continuous evaluation of their effectiveness, which is crucial for maintaining compliance and achieving certifications like ISO or SOC 2.
The episode also tackles the misconception of ‘cyber risk,’ advocating for a broader understanding of business risk and its real-world consequences. The discussion highlights the importance of aligning cybersecurity strategies with business KPIs and KRIs to effectively communicate the value of security measures to executives and boards.
Furthermore, they explore the role of CISOs in control design and effectiveness, emphasizing collaboration with CFOs to leverage their experience with regulatory compliance for more nuanced and effective control strategies. They also touch upon the significant cost savings that can be realized by reevaluating and updating corporate risk registers in response to changes in data storage and access patterns.
This episode is a must-listen for any professional involved in data privacy and cybersecurity, offering practical insights into making informed decisions that align with both security and business objectives.
“Universal fingerprint” can crack 65% of the real fingerprint identification
ByKayne
You may need Google translate to read this First Financial article about the threats of MasterPrint.
Episode 17: Personnel Security
ByKayne
Kayne and Tom talk about personnel security, background checks, what FedRAMP requires for onboarding and terminating employees as well as a host of tips and tricks for meeting this control family. Of course, they try a new beer and maybe, just maybe, agree on the score.
Cyber Security Is Integral To Business Continuity Planning
ByKayne
Communications are critical for an organization when an incident occurs. Leadership must effectively share information with the workforce. For some organizations, this requires enacting the critical communications plan that has been drilled. For others, an incident is a disruption to the normal course of business, which is where business continuity planning demonstrates its value to the organization.
Open Source Mindset Bolsters Hybrid Cloud Strategies
ByKayne
Linux continues to be a popular deployment choice for new virtual machines on Azure. “Organizations moving legacy on-premises Linux servers to the cloud can quickly gain the benefits of robust disaster recovery and security without needing to change platforms or applications”