InfoSec Fatigue

This week's episode of Defense in Depth
InfoSec Fatigue

On this episode of Defense in Depth:Co-host Allan Alford and Helen Patton, CISO, The Ohio State University, discussed:

• Are we sliding in our effort to get ahead of security issues? There's a sense the tools and our ability isn't keeping up with the onslaught.
• Are we able to prove risk reduction to show that our efforts are successful?
• Those people who don't burn out are the ones who thrive on the technical and political challenges of cybersecurity.
• Disagreement on how you lead a discussion. Should it be story-based or data-based?
• Classic complaint about cybersecurity is success is measured by the absence of activity.
• Preventative security is not easily quantifiable as reactive security.
• CISOs have to step up and show evidence of security's success in the most understandable and digestible format. Suggested measures and metrics: likelihood and impact, business impact analysis, security program maturity curve, framework compliance, pen test results, and threat modeling.
• FUD (fear, uncertainty, and doubt) may be effective in the short run, but it's exhausting. It never works in the long term.
• Approach cybersecurity altruistically. If it benefits you and those around you, then it's worth doing.
• Lean on security vendors to help you show the value of their product. The business impact will be on the CISO's shoulder, but the vendor should help build the case

Read more: https://cisoseries.com/defense-in-depth-infosec-fatigue/

Tags 🏷
#cybersecurity #cso #ciso #infosec #hacker #itriskmanagement #ciberseguranca #cyberattacks #threats #malware #cibercrime #exploit #hackers #hacker #breach #mitreatt&ck #pentesting #cloudsecurity #cyberwar #datasecurity #ethicalhacking #hacking #cloud #informationsecurity #securitymanagement #infosec #ransomware #datasecurity #cisoseries