29 (1).docx
Uploaded by DefeatedRomanArt
The CISO function consists of:

Security Operations
- Monitoring (SOC, SIEM)
- Incident response
- Threat intelligence
- Pen testing

Strategy & Policies
- Specific strategies
- Policies
- Assessment of current capabilities
- Prioritization of gaps to be addressed

Risk Management
- Risk visuals
- Risk meetings
- Business impact assessments
- Legal & regulatory assessments
- Risk acceptances
- GRC tool management

Assurance & Controls Testing
- Developing an assurance approach and plan
- Advising on the development of controls
- Annual testing cycle
- Working with internal and external auditors, and the AC
- Certification, other regs
- Third-party assurance

Communication & Training
- Communication plan and materials
- Skills assessment and training plan, and training materials
- User awareness campaigns
- Phishing simulation exercises
- Stakeholder communication materials

Projects
- Developing and managing the annual budget
- Developing the programme delivery plan
- Securing delivery resources
- Managing stakeholders and business change
- Managing project delivery

Physical Security & Business Continuity
- Site access
- Insider threat, business ethics & compliance
- Pirates, kidnapping and corporate espionage
- Senior exec protection
- High-risk travel
- Crisis management

CISO / Security Manager: leadership. As the function's senior leader, the CISO takes care of senior leadership engagement, decisions and messaging, and deals with external engagement and escalations.

The CISO can report to:
- CIO/CTO
- CEO
- Group Risk Controller
- Head of Internal Audit
- Head of Corporate Security
- Head of Operations

Which of these should be managed by the CISO, and why?

Monitoring, SIEM, SOC: these detect, analyse and respond to cybersecurity incidents using a combination of technology solutions and processes. As such, they are directly linked to the operational security of the company and should be overseen by the CISO to ensure that the security posture is proactive and responsive.

Incident response: handling a security breach or attack once it occurs. This includes planning, managing and coordinating the response to mitigate the damage. The CISO is responsible for ensuring that the incident response plan is robust, tested and effective, and that the team is prepared to execute it under real-world conditions.

Threat intelligence: gathering and analysing information about potential threats informs protective measures and strategic security planning. The CISO should manage this area so that the intelligence is integrated effectively into the organization's security strategies and operational defences.

Pen testing: not managed day to day by the CISO, but the CISO can oversee the programme to ensure it aligns with the risk management strategy.

Business continuity management / recovery: ensuring the organization can continue to operate in the event of major incidents or disasters, including cyber attacks, is crucial. The CISO should be involved in these plans to integrate them with the incident response strategy and to ensure security considerations are embedded in business continuity plans.

Network security: all the technologies, processes and policies designed to protect network data and resources. Network security is fundamental to protecting an organization's information assets, so the CISO should oversee these efforts to ensure they are adequate and effective against current and evolving threats.

Identity & access management: managing who has access to what within an organization is a critical component of its security posture, and IAM is key to protecting against unauthorized access to systems and data. As IAM directly affects the security of every user and system in the company, the CISO should manage this area to ensure policies and technologies are correctly implemented, to mitigate insider threats and to manage digital identities effectively.

All of them are within the scope of the CISO, but it depends on the size and structure of the organization and on the specific industry.

Security in Theory...

The NIST framework consists of:
- Identify
- Protect
- Detect
- Respond
- Recover
And the lifecycle goes on...

The challenges faced in the world are: complexity, competing priorities and capacity.

Complexity = dimensionality x interdependence

Capacity: budget, skilled people, priority, attention, appetite for change

Key risks when buying a company:
- Insider / dynamic threats
- Investments
- Accountabilities
- 3rd parties

Competing priorities:

A successful career in security:
- Commerciality
- Centred
- Curiosity

YOU must be:
- Business leader
- Security professional
- Practical
- Policing