Radio Interview – KRLD-AM

Hosts Kayne and Tom talk about how to create the Authorization Boundary, a cornerstone of the System Security Plan (SSP) as part of FedRAMP certification. Includes beer tasting notes for Black Butte Porter.

Another issue associated with connected vehicles is around the data they collect and transmit. ”We have seen nation states that want to conduct surveillance, whether on their own domestic population or on foreign populations, use telemetry from hotels, airports, and rental car carriers to determine where individuals are moving,” notes McGladrey. “If it is possible for a dedicated adversary to subvert that communications channel—either directly with a vehicle or by gaining a foothold inside of some telemetry aggregator service, probably the manufacturer—all of a sudden they can know where people are going within in a few feet. If you can associate a user’s identity with their vehicle or location, you have a high degree of fidelity to conduct attacks.”

“Employees across industries are finding new and innovative ways to perform their tasks at work faster,” says Kayne McGladrey, IEEE senior member and field CISO at Hyperproof. “However, this can lead to the sharing of confidential or regulated information unintentionally. For instance, if a physician sends personal health information to an AI tool to assist in drafting an insurance letter, they may be in violation of HIPAA regulations.” The problem is that many public AI platforms are continually trained based on their interactions with users. This means that if a user uploads company secrets to the AI, the AI will then know those secrets — and will spill them to the next person who asks about them. It’s not just public AIs that have this problem. An internal large language model that ingested sensitive company data might then provide that data to employees who shouldn’t be allowed to see it.

Tune into this ISACA Episode as Hyperproof’s Field CISO, Kayne McGladrey, speaks with ISACA’s Jeff Champion on how 2023 will be the year of risk.

“Ultimately the CSO should report to the Chief Risk Officer, the CRO- because ultimately cyber security is about managing risk at a technical level and at a regulatory level. The natural alignment is with risk. Also maintain a very healthy relationship with internal counsel- especially if there’s chief counsel. Have a coffee every once in a while. And have a healthy relationship with the CIO.”

As we approach 2023, it’s natural to look back on the biggest security events that took place this year and anticipate their effect next year. The previous two years have shown that our world is full of complexity and uncertainty, despite all the advances in data collection, compliance operations automation, and SaaS technology. Risk modelers and analytics experts know we can’t predict or control the world with any degree of certainty, but it’s important to brace ourselves for the upcoming threats and new opportunities the coming year will present. Here are three key risk management predictions we have for 2023 that will shape the risk management industry.