How to Improve Your Board’s Cyber Security Literacy

•Download as PPTX, PDF•

1 like•970 views

Boards of Directors have an inescapable legal responsibility to protect their corporations’ assets and shareholder value against risks. However, many boards lack the knowledge, awareness and confidence to do so. In this webcast, moderator Dwayne Melancon, Tripwire Chief Technology Officer, will provide a variety of perspectives from experienced professionals in the industry—including Larry Clinton, President and CEO of ISA, and Colin Anderson, CISO of Levi Strauss & Co, and Colleen Brown, Associate at Sidley Austin LLP.

Technology

Colin Anderson
VP of Infosec & CISO
Levi Strauss
Larry Clinton
President & CEO
ISA
Colleen Brown
Associate
Sidley Austin LLP
Dwayne Melancon
VP R&D & CTO
Tripwire

Encourage boards to focus on risk, not security
Provide context and comparisons whenever possible
Develop key indicators/metrics that tell a story, are easy to
understand and talk to business risk
Colin Anderson
VP of Infosec & CISO
Levi Strauss

Change how you think about cyber security
Change how you talk about cyber security
Use the NACD Handbook for reaching boards and sr. managers
Larry Clinton
President & CEO
ISA

Ensure you have a comprehensive data protection program
Ensure the board is engaged on cybersecurity and develop a
record of that engagement
Consider putting resources in place in advance, including cyber-
insurance and pre-engaging with third-party service providers
Colleen Brown
Associate
Sidley Austin LLP

Use the headlines as “teachable moments”
Before bringing topics to the board, ask “Is this appropriate for
the board, or should it be management’s responsibility?”
Communicate in terms of impact to the business – for example,
leverage annual reports, relate to key risks and objectives Dwayne Melancon
VP R&D & CTO
Tripwire

Threat
Intelligence
Adaptive
Threat
ProtectionEndpoint
Intelligence
Vulnerability
Intelligence
Threat
Analytics
Forensics
Zero-Day
Detection
Threat
Response
Log & Event
Intelligence

Boards of Directors have an inescapable legal responsibility to protect their organisation’s assets and shareholder value against risks. Where does cybersecurity fit in the agenda? Many boards lack the knowledge, awareness and confidence to connect security to the business. In this webcast, moderator Paul Edon, Director of Customer Services at Tripwire, will provide a variety of perspectives from experienced professionals in the industry — including Amar Singh UK CISO for Elsevier, Ray Stanton EVP Professional Services at BT and Advisory Board Member of ISF, and Gary Cheetham, CISO at NFU Mutual.

Cyber Recovery - Legal Toolkit

Kevin Duffey

Strategies for cyber resilience - Everyone has a Role

Kevin Duffey

CEOs leading Recovery from Cyber Attack

Kevin Duffey

Cyber Heroes of tomorrow's world

Kevin Duffey

Social Engineering the CEO

Kevin Duffey

Be Angry - why CEOs should join the coalition against cyber crime

Kevin Duffey

Symantec Webinar | National Cyber Security Awareness Month - Own IT

Symantec

The document discusses why businesses must take a risk management approach to supply chain security. It notes that vulnerabilities in supply chain partners can expose organizations if exploited by hackers. While CISOs have limited control over supply chains, which are dynamic and complex, they are still responsible for securing the organization. The document recommends that CISOs create a risk management plan for the supply chain to determine priority areas and acceptable risks. It also suggests protecting information based on value, restricting damage from compromised partners, and opening communication with partners about security best practices.

Symantec Webinar | National Cyber Security Awareness Month: Secure IT

Symantec

Cyber security: Five leadership issues worthy of board and executive attention

Ramón Gómez de Olea y Bustinza

Understanding the 8 Keys to Security Success

SecurityOn-Demand

CISOS work hard to manage risk and ensure the security of the organization. But, they must also create an environment where business can be transacted seamlessly, conveniently and securely. With over a decade of supporting organizations in this mission, Security On-Demand has compiled the eight keys to security success which will help you achieve your goals of delivering security and business agility.

Improving Cyber Security Literacy in Boards & Executives

Tripwire

In response to the rapidly evolving threat landscape, Boards of Directors (BoDs) and executives are now more aware of today’s cyber threats and how they might adversely affect their business. However, most executives are nonetheless limited in their knowledge of security and do not know what to ask their security teams. It is therefore up to security professionals to help their executives become more cyber security literate and thereby assist in framing security considerations as an integral part of any risk/opportunity discussion, as well as a wider enterprise risk management strategy. Acknowledging this responsibility on the part of information security personnel, Tripwire has asked a number of prominent experts in the field how security teams can improve their executives’ cyber security literacy.

2017 in Review: Infosec Pros Look Back on the Year

Tripwire

The document contains opinions from various cybersecurity professionals summarizing what they learned from the cybersecurity events and trends of 2017. Some key lessons mentioned include: - Breaches should be viewed as continuous rather than isolated events, changing how defenses are deployed. - Some large vendors took a step back in 2017 by removing communication/information sharing and limiting customer options. - Regular employee security training and privileged access management are important controls. - Keeping systems updated is critical, as demonstrated by the Equifax breach. - Immediacy is important for journalists covering breaking cybersecurity news. - Security predictions are difficult, but focusing on clearly explaining protections to non-experts can boost adoption.

12 Top Talks from the 2017 R-CISC Summit

Tripwire

What Small Business Can Do To Protect Themselves Now in Cybersecurity

Reading Works Detroit

Cybersecurity in the Boardroom

Marko Suswanto

Cybersecurity has escalated to a major board-level concern and corporate governance issue. Boards of directors now play an important oversight role in ensuring organizations have adequate cybersecurity measures, response plans, and roadmaps to address growing threats. Management is responsible for executing specific security steps, while the board provides advisory and monitoring functions. These include assessing security readiness, stress testing response plans, conducting independent reviews, and establishing long-term strategies. With continued board guidance, organizations can better mitigate risks and adapt to changing cyber threats.

W.E.B. Security Services

W.E.B Security Services LLC

W.E.B. Security Services is a startup security consultancy that helps small and midsize organizations understand their risk profiles and implement cost-effective security solutions to protect their brands. Led by an ISACA-certified CEO with over 25 years of experience, W.E.B. acts as an organization's co-pilot to help navigate increasing cyber threats, which have risen 81% for SMBs since 2011. Through targeted risk assessments, W.E.B. helps SMBs realize opportunities while managing consumer technology risks in a cost-effective way that executives understand. It also provides short-term ISACA-certified security staffing solutions tailored to each client's needs.

Building the Next Generation ISAC-- A Blueprint for Success

Booz Allen Hamilton

Booz Allen Hamilton is a leading provider of management consulting, technology, and engineering services to both US government agencies and major corporations. They have experience working on national security threats that gives them insight into cyber challenges. Booz Allen helps organizations build Information Sharing and Analysis Centers (ISACs) to facilitate sharing of cybersecurity information between members. They provide a five-phase process to establish ISACs and support in management, operations, and infrastructure to help ISACs mature over time. Examples are given of projects establishing new ISACs and enhancing existing ones for critical infrastructure sectors.

To Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators

Elizabeth Dimit

Information security for business majors

Paul Melson

This document provides an overview of information security for business. It discusses how common security breaches and attacks are, and the goals of security including confidentiality, integrity and availability. It describes common security policies, controls and tools like firewalls, antivirus software, and vulnerability scanning. It also covers risk management, incident response, security awareness, and why security initiatives sometimes fail due communication issues and outdated approaches. The overall message is that information security is important for business to survive in today's environment of constant attacks, and that an effective security program requires ongoing effort.

Security Kung Fu: Security vs. Compliance

Joshua Berman

The Security Kung Fu Series was created as both a thought leadership and awareness campaign which ran from Q1 – Q2 2017. It was meant to educate attendees on the internal and external threats businesses face, and the compliance challenges many must endure. It also served to highlight the need for an array of software solutions from the SolarWinds Core IT Security Portfolio which can assist with these concerns. A primary focus of the event was SolarWinds® Log & Event Manager which can contribute to greater IT security and assist businesses in meeting and maintaining compliance with a variety of compliance regimes. Part 4: Security vs. Compliance As our repeat attendees found out, for many of these webcasts we spent at least a small portion of time discussing how each topic we covered transcends the goal of improving IT security to impact compliance as well. In this session, we took a deeper look at what is driving this point and discussed the “Two Schools of Thought” which are guiding IT decision making – Security vs. Compliance. If you are interested in learning about the impact of this campaign, please visit my LinkedIn Profile for more details or feel free to reach out to me directly over LinkedIn. Other Security Kung Fu Events: Part 1: SIEM Solutions | http://bit.ly/2qkwVWh Part 2: Firewall Logs | http://bit.ly/2ql3l2A Part 3: Active Directory Changes | http://bit.ly/2s5kFFc Acknowledgements I’d like to thank the following individuals for assisting me in the execution of this campaign: Justina Lister, Angeline Kelly, Jamie Hynds, Ian Trump, Destiny Bertucci, Curtis Ingram, Chris Wiley, Ren Penaflor, Allie Eby, Ann Guidry, Rainy Schermerhorn, Kirsten Tanges, Damon Garcia

2015 KSU So You Want To Be in Cyber Security

Phil Agcaoili

Cyber security is an important and growing field due to increasing threats from cybercriminals. The document discusses why cyber security is needed to protect national security, public health and safety, and economic well-being from issues like hacking of devices like insulin pumps. It notes that many systems and devices are now connected but not sufficiently secured. The document encourages pursuing cyber security as a career path due to the growing number of jobs and need for professionals in the field. It provides tips on how to launch a career in cyber security such as getting educated and certified in important skills.

Security and-cybersecurity-of-information-systems

Marce Torres

This document discusses security and cybersecurity of information systems. It introduces the challenges of ensuring information security in organizations as information technologies have provided many benefits but also risks. Information security aims to protect business data, operations and systems from risks like legal issues and interruptions. Factors like interconnected environments, smaller devices, increasing hackers and cybercrime have made information technologies more complex and vulnerable to secure. The document outlines fundamental concepts of information security and the dimensions of confidentiality, integrity and availability that systems aim to ensure.

Cyber Secuirty Visualization

Doug Cogswell

Case study on how to use Interactive Data Visualization and Predictive Modeling to find the needle in the haystack in SIEM Analytics and Cyber Security. We discuss how to create an analytical sandbox in front of your correlation systems, as well as intrusion, firewall, and virus scan / endpoint protection systems. Our clients include Fortune 100 companies, governments and government agencies, two of the top SIEM vendors, and a variety of mid-sized companies.

12 Top Talks from the 2016 R-CISC Summit

Tripwire

Accenture Security Report 2016 Infographic for Insurance

Accenture Insurance

SEC305 Where do you find your next 20 cloud security experts?

Amazon Web Services

No organization is ever going to be able to hire enough security professionals, so where do you find your next 20 cloud security experts? The common belief is that the only way you can fill a skills gap is with big teams and lots of money. At Robert Half International, we see this differently. The reality is that with the right tools, these people could already be within your organization. See how we built a progressive organization with career growth opportunities, empowering our DevOps and Security teams. This session is brought to you by AWS Summit San Francisco Platinum Sponsor Evident.io.

Industry Insights from Infosecurity Europe 2016

Tripwire

Mastering Advanced Security Profiling Language (ASPL)

Tripwire

Take a deep dive into Tripwire IP360 ASPL, or Advanced Security Profiling Language, and how to extend Tripwire IP360 discovery and profiling to your custom applications and/or policy monitoring. Learn how to create and delete custom ASPL vulnerability conditions, search for specific vulnerabilities within your environment, analyze conditions according to specific parameters, and bind ASPL rules to applications and operating systems.

What's hot

Mhdscs2019 v049n03 010

Turlough Guerin GAICD FGIA

Symantec Webinar | National Cyber Security Awareness Month: Secure IT

Symantec

Cyber security: Five leadership issues worthy of board and executive attention

Ramón Gómez de Olea y Bustinza

Understanding the 8 Keys to Security Success

SecurityOn-Demand

Improving Cyber Security Literacy in Boards & Executives

Tripwire

2017 in Review: Infosec Pros Look Back on the Year

Tripwire

12 Top Talks from the 2017 R-CISC Summit

Tripwire

What Small Business Can Do To Protect Themselves Now in Cybersecurity

Reading Works Detroit

Cybersecurity in the Boardroom

Marko Suswanto

W.E.B. Security Services

W.E.B Security Services LLC

Building the Next Generation ISAC-- A Blueprint for Success

Booz Allen Hamilton

To Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators

Elizabeth Dimit

Information security for business majors

Paul Melson

Security Kung Fu: Security vs. Compliance

Joshua Berman

2015 KSU So You Want To Be in Cyber Security

Phil Agcaoili

Security and-cybersecurity-of-information-systems

Marce Torres

Cyber Secuirty Visualization

Doug Cogswell

12 Top Talks from the 2016 R-CISC Summit

Tripwire

Accenture Security Report 2016 Infographic for Insurance

Accenture Insurance

SEC305 Where do you find your next 20 cloud security experts?

Amazon Web Services

What's hot (20)

Mhdscs2019 v049n03 010

Symantec Webinar | National Cyber Security Awareness Month: Secure IT

Cyber security: Five leadership issues worthy of board and executive attention

Understanding the 8 Keys to Security Success

Improving Cyber Security Literacy in Boards & Executives

2017 in Review: Infosec Pros Look Back on the Year

12 Top Talks from the 2017 R-CISC Summit

What Small Business Can Do To Protect Themselves Now in Cybersecurity

Cybersecurity in the Boardroom

W.E.B. Security Services

Building the Next Generation ISAC-- A Blueprint for Success

To Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators

Information security for business majors

Security Kung Fu: Security vs. Compliance

2015 KSU So You Want To Be in Cyber Security

Security and-cybersecurity-of-information-systems

Cyber Secuirty Visualization

12 Top Talks from the 2016 R-CISC Summit

Accenture Security Report 2016 Infographic for Insurance

SEC305 Where do you find your next 20 cloud security experts?

Viewers also liked

Industry Insights from Infosecurity Europe 2016

Tripwire

Mastering Advanced Security Profiling Language (ASPL)

Tripwire

Automating for NERC CIP-007-5-R1

Tripwire

Advanced Vulnerability Scoring and Prioritization

Tripwire

Focus your limited resources on your most critical assets by gaining an intimate understanding of the Tripwire Risk Score preferences and how to best leverage risk matrix reporting (aka, the “Vulnerability Risk Heat Map”). This presentation covers how to prioritize hosts based on asset value and red score thresholds, identify the top 10 most vulnerable hosts on your network, create alerts for excessive host scores, and generate standardized reporting based on CVSS scores.

Building a Business Case for Credentialed Vulnerability Scanning

Tripwire

Tripwire IP360 Learning Labs - Scanning the Hard to Reach Places

Tripwire

Explore how virtual and cloud-based scanning technologies can be used to identify and measure risk on remote and 3rd party networks. Understand how to use Tripwire IP360 and PureCloud Enterprise for detecting vulnerabilities and systems visible to outside attackers, scanning remote locations that cannot easily be scanned over VPN, assessing the security of your business partners and supply chain, and how PureCloud Enterprise can be used to assist with PCI DSS compliance efforts.

Using Dynamic Host Tracking to Ensure Accurate Host Trending for Vulnerabilit...

Tripwire

5 Habits of Highly Effective Endpoint Threat Protection

Tripwire

Vulnerability Management Reporting Treasures in Tripwire Security Intelligenc...

Tripwire

Are You Prepared For More High-Impact Vulnerabilties?

Tripwire

When Heartbleed hit, many thought that it was a one of a kind. As new high-impact vulnerabilities such as Shellshock, POODLE and, to a lesser degree, GHOST have continued to appear, many IT organizations are realizing that this is the new normal. High impact vulnerabilities will continue to be discovered, and businesses must be able to quickly detect, patch and remediate vulnerabilities that affect an enormous number of systems. These massive vulnerabilities raise a number of challenges for IT organizations. Tripwire Security Analyst, Ken Westin, discusses: - Steps you can take today to minimize risk and exposure before the next high impact vulnerability is announced - How to develop a rapid response plan that will reduce the time required to identify new vulnerabilities on traditional operating systems as well as network and security devices - Key steps required to quickly identify potentially exploited systems so you can contain and remediate specific threats

Network Situational Awareness using Tripwire IP360

Tripwire

Tripwire IP360 Vulnerability Management: Searching FOCUS for Security Analyti...

Tripwire

Tripwire IP360 Vulnerability Management

Tripwire

Security Mentors: Honoring Those Who Inspired Our Love of Infosec

Tripwire

Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes

Tripwire

The information security world went on a rollercoaster ride in 2016. Records were set for reported ransomware payments, reported vulnerabilities, Microsoft security bulletins, and size of DDoS attacks. 2016 saw a continuation of name-brand vulnerabilities, as well as major world events dominating the news cycles for most of the year: the Olympics, Brexit, and the US Presidential Election. These high-profile events presented opportunities for cyber criminals to attack vulnerable IT environments. In this webcast, Tripwire experts Travis Smith and Chris Conacher discussed: -Cyber events that had a big impact over the past 12 months, including the DNC Hack, Badlock, Mirai Botnet, and more -Lessons learned from these events, that will help to ensure your own IT environment

Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)

Tripwire

Cyber security experts David Meltzer, Chief Research Officer at Tripwire; Tony Gore, CEO at Red Trident Inc.; and John Powell, Senior Critical Infrastructure Engineer at Red Trident Inc., discuss the practical 1-2-3 basics of industrial cyber security and how to get started automating asset management. Attendees will also learn how to build an effective strategy for protecting industrial assets – networks, endpoints and controllers. Key Takeaways: · Learn how to automate and simplify the inventory process and secure your assets · Understand what cyber security standards may apply to your unique environment · Hear real-world tips on how to prioritize and work across functional silos within your company · Receive an industrial cyber security assessment checklist to help gauge your starting point

Takeaways from Black Hat 2016

Tripwire

Tripwire Adaptive Threat Protection

Tripwire

Learn how Tripwire helps you to discover the assets on your network and quickly identify and tag the vulnerable assets while applying the appropriate policies and remediation to improve your security posture and efficiencies while reducing the overall cost to your organization. In this presentation, Tripwire’s CTO, Dwayne Melançon, discusses how vulnerability scanning can produce vulnerability intelligence, and how that intelligence can be integrated with other sources of context from within information security to produce more effective and efficient detection, response and prevention.

Tripwire University Boot Camp – Economy of Bad

Tripwire

Christopher Beier, Sr. Product Manager of SCM products, explores how a marketplace exists for those who operate in the “economy of bad.” He explains how this economy manifests itself, what the role breaches play, what the value of product is and how stolen information fuels this economy. He reviews some of the types of attackers and what their motivations are, showing common attacker methods and attack types.

Tripwire University Boot Camp – The Shifting Landscape: Know Your Battlefield

Tripwire

Viewers also liked (20)

Industry Insights from Infosecurity Europe 2016

Mastering Advanced Security Profiling Language (ASPL)

Automating for NERC CIP-007-5-R1

Advanced Vulnerability Scoring and Prioritization

Building a Business Case for Credentialed Vulnerability Scanning

Tripwire IP360 Learning Labs - Scanning the Hard to Reach Places

Using Dynamic Host Tracking to Ensure Accurate Host Trending for Vulnerabilit...

5 Habits of Highly Effective Endpoint Threat Protection

Vulnerability Management Reporting Treasures in Tripwire Security Intelligenc...

Are You Prepared For More High-Impact Vulnerabilties?

Network Situational Awareness using Tripwire IP360

Tripwire IP360 Vulnerability Management: Searching FOCUS for Security Analyti...

Tripwire IP360 Vulnerability Management

Security Mentors: Honoring Those Who Inspired Our Love of Infosec

Breaking In and Breaking Records – A Look Back at 2016 Cybercrimes

Industrial Cyber Security: What You Don't Know Might Hurt You (And Others...)

Takeaways from Black Hat 2016

Tripwire Adaptive Threat Protection

Tripwire University Boot Camp – Economy of Bad

Tripwire University Boot Camp – The Shifting Landscape: Know Your Battlefield

Similar to How to Improve Your Board’s Cyber Security Literacy

7350_RiskWatch-Summer2015-Maligec

Christine Maligec, CRM-E, CRIS

This document summarizes interviews with cybersecurity professionals about the current state of cyber risks. The interviewees discuss how senior leaders' understanding of cyber risk has improved but still faces challenges from technical complexity and uncertainty. The biggest barriers to protection are underfunding security and lack of user awareness training. A "bad day" would involve a major data breach or systems outage. The threats of organized crime, state-sponsored attacks, and exploiting human weaknesses will continue to evolve rapidly. Information sharing and early education are opportunities to stay ahead of this threat.

Cyber security framework

Yann Lecourt

CISOs are moving from compliance-based cybersecurity programs to risk-based programs focused on the organization's strategic needs. Frameworks help CISOs assess risks, prioritize threats, develop strategies, and communicate priorities to gain support. While compliance is still important, frameworks drive strategic investments in reducing the highest risks. CISOs customize frameworks and use third-party skills and data to implement risk-based programs.

From checkboxes to frameworks

Vincent Bellamy

This document discusses how Chief Information Security Officers (CISOs) are moving from compliance-based cybersecurity programs to risk-based programs. It finds that CISOs are increasingly using customized frameworks to assess risk, prioritize threats, and communicate cybersecurity strategy to upper management. This allows them to focus investments on reducing real risks to the organization rather than just meeting compliance requirements. The document also examines challenges CISOs face in the transformation, such as communicating priorities and making strategy understandable. It provides examples of how frameworks have helped CISOs increase collaboration and support from executives to better implement security strategies.

Sem 003

SelectedPresentations

The seminar agenda covers various security leadership topics over half day sessions. The first session discusses the maturity lifecycle of a security program. The second session focuses on building a security team and provides five lessons from experience. The third session examines the role of the CISO in providing influence and decision support through effective communication and relationship building. The final session questions whether security leaders are fighting the wrong battles.

From checkboxes to frameworks

Andréanne Clarke

CISOs are moving from compliance-based cybersecurity programs to risk-based programs focused on addressing the real security risks organizations face. They are adopting sophisticated frameworks to assess threats, prioritize investments, and communicate strategy to stakeholders. Frameworks provide standards and best practices to protect systems and data, helping CISOs focus on strategic goals rather than just checking boxes. Customizing frameworks based on an organization's unique risks and needs leads to deeper understanding and more effective security programs.

Trustwave: 7 Experts on Transforming Your Threat Detection & Response Strategy

Mighty Guides, Inc.

The COVID-19 pandemic challenged organizations' security operations in significant ways by shifting workforces largely to remote environments. This changed the typical infrastructure topology protections and required a new focus on individual endpoints. Experts recommend organizations identify gaps by evaluating how the changes have impacted connectivity, communications, and collaboration capabilities. They also advise reassessing threat models, attack surfaces, security tools, and operations to ensure no new blind spots were introduced by the shift to remote work. Being able to proactively identify gaps is critical for organizations to build resilience against evolving threats.

SBIC Enterprise Information Security Strategic Technologies

EMC

A CIRO's-eye view of Digital Risk Management

Daren Dunkel

The document discusses an interview with James Christiansen, VP of Information Risk Management for Optiv Security, which was formed from the merger of Accuvant and Fishnet Security. Christiansen discusses how the role of CISO is changing to focus more broadly on information risk management (CIRO). He emphasizes the importance of aligning cybersecurity spending with business objectives and risk exposure. In an ideal security program, there would be clear governance, reporting to the executive team, and balance between protective measures, visibility, and incident response capabilities. The document ends by discussing questions boards should ask executives about cybersecurity risks and oversight of the security program.

speaking-to-board-securiity-whitepaper

Bilha Diaz

This document provides guidance for chief information security officers (CISOs) on engaging with their organization's board of directors regarding cybersecurity. It notes that boards are increasingly involved in overseeing security due to regulatory pressures and high-profile data breaches. The document offers advice on how CISOs can establish effective communication with boards, including translating technical security topics into business impacts and risks, benchmarking the organization's security posture against industry peers, and quantifying security issues and their associated costs and risk exposure. The goal is for CISOs to gain board support for their security programs and help boards understand security's strategic importance in reducing risks to the business.

Finding a strategic voice

IBM India Smarter Computing

The document summarizes the findings of a study conducted by IBM's Center for Applied Insights that interviewed 138 security leaders from different industries and countries. It found that security organizations can be categorized into three groups: Influencers, Protectors, and Responders based on their self-assessment of security maturity and preparedness. Influencers have the most strategic approach, seeing security as a business priority. They are more likely to have a dedicated CISO, security budget, and measure progress. The study shows that Influencers' integrated, risk-based approach can serve as a model for other organizations looking to improve their security posture and leadership.

Insights from the IBM Chief Information Security Officer Assessment

IBM Security

To obtain a global snapshot of security leaders’ strategies and approaches, the IBM Center for Applied Insights conducted double-blind interviews with 138 security leaders – the IT and line-of-business executives responsible for information security in their enterprises. Some of these leaders carried the title of Chief Information Security Officer (CISO), but given the diversity of organizational structures, many did not. The Center supplemented this quantitative research through in-depth conversations with 25 information security leaders. Participation spanned a broad range of industries and seven different countries. Nearly 20 percent of the respondents lead information security in enterprises with more than 10,000 employees; 55 percent are in enterprises with 1,000 to 9,999 employees.

SBIC Report : Transforming Information Security: Future-Proofing Processes

EMC

The report recommends that security teams shift their focus from technical assets to protecting critical business processes. It also suggests instituting methods for describing cybersecurity risks to businesses in financial terms and establishing automated, business-centric risk assessment processes. Additionally, the report advises developing the capability to continuously evaluate the effectiveness of security controls through evidence-based methods and informed data collection.

Cyber presentation spet 2019 v8sentfor upload

savassociates1

Weakest links of an organization's Cybersecurity chain

Sanjay Chadha, CPA, CA

Rogers eBook Security

Rogers Communications

Cybrary's navigating a security wasteland

Devendra kashyap

1. The document summarizes an interview with Malcolm Harkins, Chief Security and Trust Officer at Cylance, about preventing malware infections and how organizations struggle to keep up with prevention methods and identifying risks. 2. Harkins notes that organizations suffer from alert fatigue and are unable to keep up with the constant "whack-a-mole" of security issues. He suggests deploying lightweight prevention agents that can work both online and offline. 3. When asked about how customers struggle, Harkins says they need solutions to reduce risks, lower security costs, and decrease friction between security and business operations. Most organizations find it difficult to continuously manage all the new technologies, software, and third parties joining

Open group spc rosenthal v3

City of Toronto

1. The document discusses the relationship between information security and security architecture, noting that while they are complementary, they are often confused or conflated in practice. 2. It recommends developing strategic plans and implementation schedules for both information security and security architecture to better disentangle their spans of control, authorities, and skill set requirements. 3. Having clearly defined strategic plans would help manage the "practice edges" between information security and security architecture.

Balbix-New-CISO-Board-Deck.pptx

jjvdneut

The CISO is presenting to the board of directors to introduce cyber risk management at the company. The presentation covers three key areas: introducing cyber risk and the company's framework for managing it, the strategic roadmap and metrics for the information security function, and establishing information security as a board-level topic. The goal is to help the board understand cybersecurity risks, provide oversight of risk management, and introduce the CISO's vision and plans to improve the security posture.

Balbix-New-CISO-Board-Deck.pptx

jjvdneut

BLACKOPS_USCS CyberSecurity Literacy

Casey Fleming

1) Cybersecurity has become a major concern for boardrooms as data breaches are increasingly common and costly. The FBI has warned that data breaches increased 400% in recent years. 2) Effective cybersecurity requires a company-wide effort overseen by leadership. It is no longer just an IT issue but a business risk that must be addressed from the top down. 3) To properly advise CEOs and boards, cybersecurity experts must understand the true threats including nation-state attacks and opportunistic hackers, and recommend risk-reducing strategies in business terms palatable to non-technical leadership.

Similar to How to Improve Your Board’s Cyber Security Literacy (20)

7350_RiskWatch-Summer2015-Maligec

Cyber security framework

From checkboxes to frameworks

Sem 003

From checkboxes to frameworks

Trustwave: 7 Experts on Transforming Your Threat Detection & Response Strategy

SBIC Enterprise Information Security Strategic Technologies

A CIRO's-eye view of Digital Risk Management

speaking-to-board-securiity-whitepaper

Finding a strategic voice

Insights from the IBM Chief Information Security Officer Assessment

SBIC Report : Transforming Information Security: Future-Proofing Processes

Cyber presentation spet 2019 v8sentfor upload

Weakest links of an organization's Cybersecurity chain

Rogers eBook Security

Cybrary's navigating a security wasteland

Open group spc rosenthal v3

Balbix-New-CISO-Board-Deck.pptx

BLACKOPS_USCS CyberSecurity Literacy

More from Tripwire

Mind the Cybersecurity Gap - Why Compliance Isn't Enough

Tripwire

Data Privacy Day 2022: Tips to Ensure Data Privacy

Tripwire

Key Challenges Facing IT/OT: Hear From The Experts

Tripwire

When you think of Information Technology (IT) and Operational Technology (OT), which side are you on? You may not feel that you fall on any side of that technological skirmish, but when you stop to carefully consider the differences in these two disciplines, it is nearly impossible to avoid a tendentious leaning. However, the time may be upon us when the conflicts of IT and OT will be put to rest for the broader purpose of making businesses more agile, efficient, resilient and ultimately, more profitable. We spoke with experts in the field who offered their insights about the challenges facing IT and OT convergence. Here’s what they shared!

Tripwire Energy Working Group: TIV Demo

Tripwire

The document discusses new features in Tripwire Industrial Visibility (TIV) including: 1) USB detection that monitors USB devices plugged into OT assets and provides visibility of USB usage. 2) Physical connection visibility that displays physical connections between assets in asset views and layered graphs. 3) DNS artifact monitoring for threat hunting by visualizing DNS activity to detect compromise. 4) Network session analytics that provides session information and detects physical network issues from traffic volumes and retransmissions.

Tripwire Energy Working Group Session w/Dale Peterson

Tripwire

The document discusses how executives ask questions about security risks from a business perspective rather than solely as a technical issue. It focuses on assessing risk as a combination of consequence and likelihood of various incidents. The key message is that organizations should prioritize reducing the potential consequences of incidents, such as compromises of control systems, as this can be a more effective way to manage overall risk than focusing only on reducing likelihoods through technical security controls. Reducing consequences may involve design choices to prevent safety and operational impacts from cyber or other incidents.

Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through

Tripwire

Tripwire Energy Working Group: Customer Session with Chase Cole

Tripwire

1. There are several ways to integrate assets into Tripwire including directly via an agent on Windows/Linux systems, directly via SSH, or indirectly if the device does not support SSH or an agent. 2. Assets can be tagged with information like location, classification, owner, manufacturer, and model. Pre-built tagging profiles are available. 3. Tripwire policies can include tests of security settings and configurations to check for compliance with standards like NERC CIP. Tests produce pass/fail results and noncompliance can trigger alerts or reports.

Tripwire Energy Working Group: Keynote w/Patrick Miller

Tripwire

The document discusses the state of cybersecurity in the electric utility industry. It summarizes that infrastructure is a frequent target of cyber attacks from organized crime, nation states, and other adversaries. It also notes that new regulations and frameworks are being introduced at the national level to improve critical infrastructure security and resilience. Utilities are recommended to gap assess controls, improve monitoring, response capabilities, and conduct incident response exercises to prepare for increasing cybersecurity requirements.

World Book Day: Cybersecurity’s Quietest Celebration

Tripwire

Tripwire Retail Security 2020 Survey: Key Findings

Tripwire

As online sales surge, retail cybersecurity professionals are taking additional precautions to protect their organizations and their customers’ data. On top of this, the COVID-19 pandemic has driven even more consumers to turn to online shopping. Tripwire worked with Dimensional Research to better understand cybersecurity programs in the retail industry as they prepared for the holiday season. Download the full report here: https://www.tripwire.com/solutions/solutions-by-industry/retail-and-hospitality/retail-holiday-cybersecurity-survey-report

Key Findings: Tripwire COVID-19 Cybersecurity Impact Report

Tripwire

The Adventures of Captain Tripwire: Coloring Book!

Tripwire

Kathy Tippington is a computer programmer and CEO who moonlights as the superhero Captain Tripwire. She uses her high-tech powers to stop villains from attacking critical systems to prevent people from making new toys. Captain Tripwire stops the first wave of attacks with the help of "The Cloud". However, the villains then attack Captain Tripwire's base, but are ultimately defeated and find themselves in a sticky situation.

Industrial Cybersecurity: Practical Tips for IT & OT Collaboration

Tripwire

The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...

Tripwire

Tripwire 2019 Skills Gap Survey: Key Findings

Tripwire

A Look Back at 2018: The Most Memorable Cyber Moments

Tripwire

Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits

Tripwire

This document discusses successfully creating an IT service at Mercy Health to address organizational challenges and compliance needs. It describes implementing Tripwire Enterprise for change detection and monitoring to gain visibility into their IT environment, validate approved changes, and produce reports for audits. This improved governance of controls, reduced audit findings, and provided a key strategy for their security operations center and PCI compliance efforts. Going forward, Tripwire will help address other regulatory needs and expand its use for security configuration management.

Tripwire State of Cyber Hygiene 2018 Report: Key Findings

Tripwire

Defend Your Data Now with the MITRE ATT&CK Framework

Tripwire

MITRE is a not-for-profit organization that operates federally-funded research and development centers. Their ATT&CK framework is a useful cybersecurity model illustrating how adversaries behave and explaining the tactics you should use to mitigate risk and improve security. ATT&CK stands for “adversarial tactics, techniques and common knowledge.” This presentation explores a methodology for pairing proven industry frameworks like MITRE ATT&CK with threat modeling practices to quickly detect and respond to cyber threats. With this approach, industrial organizations can slice their infrastructure into smaller components, making it easier to secure their assets and minimize the attack surface. Takeaways include how to: -Make the most out of their threat intelligence feeds -Report on progress and compliance -Negotiate trust relationships in the intelligence sharing cycle -Improve their organization’s overall security posture

Defending Critical Infrastructure Against Cyber Attacks

Tripwire

In our increasingly connected world, networks of machines help critical infrastructure run more efficiently and prevent downtime. However, systems which were once isolated are now being exposed to digital security threats that operators never considered. Joseph Blankenship of Forrester Research and Gabe Authier of Tripwire discuss the evolving threat landscape and how we can protect these critical assets from cyber threats. Topics covered include: -Examples of some of the most recent cyber-attacks to critical infrastructure -Why traditional IT security approaches won't work -Recommended approaches for securing critical infrastructure

More from Tripwire (20)

Mind the Cybersecurity Gap - Why Compliance Isn't Enough

Data Privacy Day 2022: Tips to Ensure Data Privacy

Key Challenges Facing IT/OT: Hear From The Experts

Tripwire Energy Working Group: TIV Demo

Tripwire Energy Working Group Session w/Dale Peterson

Tripwire Energy Working Group: CIP Solutions and Baseline Walk-Through

Tripwire Energy Working Group: Customer Session with Chase Cole

Tripwire Energy Working Group: Keynote w/Patrick Miller

World Book Day: Cybersecurity’s Quietest Celebration

Tripwire Retail Security 2020 Survey: Key Findings

Key Findings: Tripwire COVID-19 Cybersecurity Impact Report

The Adventures of Captain Tripwire: Coloring Book!

Industrial Cybersecurity: Practical Tips for IT & OT Collaboration

The Adventures of Captain Tripwire #1: Captain Tripwire Faces the Indefensibl...

Tripwire 2019 Skills Gap Survey: Key Findings

A Look Back at 2018: The Most Memorable Cyber Moments

Time for Your Compliance Check-Up: How Mercy Health Uses Tripwire to Pass Audits

Tripwire State of Cyber Hygiene 2018 Report: Key Findings

Defend Your Data Now with the MITRE ATT&CK Framework

Defending Critical Infrastructure Against Cyber Attacks

Recently uploaded

Climate Impact of Software Testing at Nordic Testing Days

Kari Kakkonen

My slides at Nordic Testing Days 6.6.2024 Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...

Zilliz

20240605 QFM017 Machine Intelligence Reading List May 2024

Matthew Sinclair

20 Comprehensive Checklist of Designing and Developing a Website

Pixlogix Infotech

Dive into the world of Website Designing and Developing with Pixlogix! Looking to create a stunning online presence? Look no further! Our comprehensive checklist covers everything you need to know to craft a website that stands out. From user-friendly design to seamless functionality, we've got you covered. Don't miss out on this invaluable resource! Check out our checklist now at Pixlogix and start your journey towards a captivating online presence today.

Video Streaming: Then, Now, and in the Future

Alpen-Adria-Universität

In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

Pushing the limits of ePRTC: 100ns holdover for 100 days

Adtran

Building RAG with self-deployed Milvus vector database and Snowpark Container...

Zilliz

Generative AI Deep Dive: Advancing from Proof of Concept to Production

Aggregage

“I’m still / I’m still / Chaining from the Block”

Claudio Di Ciccio

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack

shyamraj55

Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf

Malak Abu Hammad

Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers: * What is Vector Search? * Importance and benefits of vector search * Practical use cases across various industries * Step-by-step implementation guide * Live demos with code snippets * Enhancing LLM capabilities with vector search * Best practices and optimization strategies Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications. #MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology

Communications Mining Series - Zero to Hero - Session 1

DianaGray10

This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered: • Communication Mining Overview • Why is it important? • How can it help today’s business and the benefits • Phases in Communication Mining • Demo on Platform overview • Q/A

A tale of scale & speed: How the US Navy is enabling software delivery from l...

sonjaschweigert1

Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved: - Reduction in onboarding time from 5 weeks to 1 day - Improved developer experience and productivity through actionable findings and reduction of false positives - Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO) Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production. We will cover: - How to remove silos in DevSecOps - How to build efficient development pipeline roles and component templates - How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence) - How to streamline operations with automated policy checks on container images

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Neo4j

Full-RAG: A modern architecture for hyper-personalization

Zilliz

Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.

Large Language Model (LLM) and it’s Geospatial Applications

Rohit Gautam

Recently uploaded (20)

Climate Impact of Software Testing at Nordic Testing Days

Monitoring Java Application Security with JDK Tools and JFR Events

Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...

20240605 QFM017 Machine Intelligence Reading List May 2024

20 Comprehensive Checklist of Designing and Developing a Website

Video Streaming: Then, Now, and in the Future

PCI PIN Basics Webinar from the Controlcase Team

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Pushing the limits of ePRTC: 100ns holdover for 100 days

Building RAG with self-deployed Milvus vector database and Snowpark Container...

Generative AI Deep Dive: Advancing from Proof of Concept to Production

“I’m still / I’m still / Chaining from the Block”

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack

Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf

Communications Mining Series - Zero to Hero - Session 1

A tale of scale & speed: How the US Navy is enabling software delivery from l...

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Full-RAG: A modern architecture for hyper-personalization

Large Language Model (LLM) and it’s Geospatial Applications

How to Improve Your Board’s Cyber Security Literacy

2. Colin Anderson VP of Infosec & CISO Levi Strauss Larry Clinton President & CEO ISA Colleen Brown Associate Sidley Austin LLP Dwayne Melancon VP R&D & CTO Tripwire

7. Encourage boards to focus on risk, not security Provide context and comparisons whenever possible Develop key indicators/metrics that tell a story, are easy to understand and talk to business risk Colin Anderson VP of Infosec & CISO Levi Strauss

8. Change how you think about cyber security Change how you talk about cyber security Use the NACD Handbook for reaching boards and sr. managers Larry Clinton President & CEO ISA

9. Ensure you have a comprehensive data protection program Ensure the board is engaged on cybersecurity and develop a record of that engagement Consider putting resources in place in advance, including cyber- insurance and pre-engaging with third-party service providers Colleen Brown Associate Sidley Austin LLP

10. Use the headlines as “teachable moments” Before bringing topics to the board, ask “Is this appropriate for the board, or should it be management’s responsibility?” Communicate in terms of impact to the business – for example, leverage annual reports, relate to key risks and objectives Dwayne Melancon VP R&D & CTO Tripwire

11.

12. Threat Intelligence Adaptive Threat ProtectionEndpoint Intelligence Vulnerability Intelligence Threat Analytics Forensics Zero-Day Detection Threat Response Log & Event Intelligence

13.

14. tripwire.com | @TripwireInc

How to Improve Your Board’s Cyber Security Literacy

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to How to Improve Your Board’s Cyber Security Literacy

Similar to How to Improve Your Board’s Cyber Security Literacy (20)

More from Tripwire

More from Tripwire (20)

Recently uploaded

Recently uploaded (20)

How to Improve Your Board’s Cyber Security Literacy