Monday, Dec 6, 2021

What is the reason for your security failure?




On this episode of Life of a CISO, I answer the question: Why is my security failing? Breaches, whether your organization is large or small, are almost an inevitable part of cybersecurity. That’s why it’s not enough to prevent attacks; you must detect them immediately. It’s possible that you have servers that you don’t know about, and if that’s the case, you can’t patch what you don’t know about. What’s more, many servers are not very secure because they have the same encryption key as other servers. This would be like going to a hotel and having one key open every hotel room! A final reason that your organization is unsafe is that your system generates so many alerts that you can’t handle them. If you have so many alerts that you ignore them, you might as well not have alerts at all. So fine-tune your security settings to respond to important alerts, not all alerts. In review: 100% patching for critical systems, data must be encrypted with separate keys, prevention is ideal, detection is a must.



📖 [ORDER] Cyber Crisis Book
How to Protect your Business from Real Threats in the Virtual World
https://secure-anchor.com/cybercrisis/


🔑 [FREE MASTERCLASS]
Discover How You Can Advance Your Career Through Cybersecurity
https://safe.secure-anchor.com/nl-web-ciso46668983

Show notes:
0:21 Bake your pie
0:51 Marie Callender's story
1:51 She was a busy single mom
2:16 What if she didn’t bake that pie?
4:01 This is what happens when you bake one pie
4:58 What is your purpose, what is your “pie?”
6:34 Join me on a mission to make cyberspace safe
8:49 You have one life, enjoy it
9:14 Why is security failing?
11:12 I’ve never worked on an incident where they were aware of a vulnerability
12:46 You can’t patch a server you don’t know about
14:10 I start with external IP addresses
15:10 Configuration management
16:43 Rule of 90%
19:58 How did the adversary get in?
23:19 The hotel analogy
25:28 We put all of our energy into prevention, not detection
27:11 If you generate 1,000 alerts and can only respond to 200, it’s a failed solution
29:11 Review: 100% patching for critical systems, data must be encrypted with separate keys, prevention is ideal, detection is a must


About Dr Eric Cole
Eric Cole, PhD, is an industry-recognized security expert with over 20 years of hands-on experience in consulting, training, and public speaking. As the founder and CEO of Secure Anchor Consulting, Dr. Cole focuses on helping customers prevent security breaches, detect network intrusions, and respond to advanced threats. In addition, he is a sought-after expert witness and a 2014 inductee to the InfoSecurity Hall of Fame.


#CISO #WorldClassCiso

--------------------------------

By: Dr Eric Cole
Title: Why is your organization's security failing?
Sourced From: www.youtube.com/watch?v=FLaQTY8tdp0
