Why a return to the office brings identity and mental health challenges

Hosts Kayne and Tom talk about how to create the Authorization Boundary, a cornerstone of the System Security Plan (SSP) as part of FedRAMP certification. Includes beer tasting notes for Black Butte Porter.

It’s no surprise that security and compliance professionals are concerned about the effects a potential recession may have on their budgets. Cyber incidents and business interruptions have been the two worldwide corporate risk concerns for two years running, according to Allianz, and the World Economic Forum recently found that cybersecurity is the fifth top risk worldwide in 2023. Yet, over 66,000 tech jobs were cut in the first two months of 2023 due to recessionary factors, and over half of organizations struggle with identifying where the critical risks are in order to figure out what remediations to prioritize. The risk of paying fines and penalties is increasing as the FTC, SEC, NYDFS, and other regulatory agencies are leaning into enforcement rather than sanctions.

Let’s examine an end-to-end process that organizations can use annually to evaluate which controls are effectively reducing risks, and which controls could be removed or replaced to create budgetary efficiencies

Kayne and Tom talk about the System and Communications Protection family of FedRAMP Rev5 controls. Learn about the “catch all” approach to this control family and some challenges faced to implementation. Tom and Kayne try a stout for the first time on the show, and Kayne seems to group it with all the other beers. As always, the faces he makes are impressive.

Kayne McGladrey, Field CISO at Hyperproof and Senior IEEE Member, says cybersecurity is also fertile ground for AI. “CISOs are looking at AI and automation solutions that handle common cybersecurity tasks. These include collecting evidence of control operations for the internal audit team, testing that evidence automatically, and producing regular reports on such things as false-positive cybersecurity events. These tasks help overworked cybersecurity analysts and engineers to focus on the parts of the job that they love without burdening them with excessive paperwork.”

Do you feel like you are overwhelmed trying to run your business while defending against the latest cyber threats? Join Kayne McGladrey, speaker, author and Director of Information Security Services for Integral Partners (http://www.ipllc.co) for our upcoming presentation on taking a proactive, risk-oriented approach to cyber security for individual consultants and small businesses.

Kayne will discuss:

– Why you should manage risks based on user identity instead of chasing the latest threats

– How individual consultants can protect themselves

– A vendor-neutral reference architecture for cyber security at small businesses

We will have time for Q&A at the end of the presentation.

“Viruses are most commonly spread through phishing, which is a technique of sending emails designed to prey on a person’s emotions to make them click a link or open a malicious attachment,” says Kayne McGladrey IEEE member and director of security and IT for Pensar Development. “Besides running up-to-date commercial antivirus software, the easiest way to avoid viruses is to pause before acting on messages. Get a cup of coffee, or at least get up and stretch, before deciding if the email is trying to manipulate your emotions through a sense of authority (someone impersonating your boss or a police officer), a sense of urgency (because of an artificial time constraint), or scarcity (supplies are limited, act now).” These are the same psychological techniques used by con artists since time immemorial, with the only difference being that con artists had to con one person at a time. “With email, social media, and text messages, threat actors can con thousands of people. No antivirus software is perfect, but pausing before acting can stop most of today’s viruses.”