I get to speak to a masters in cyber security class at a major university on Monday.
-
I get to speak to a masters in cyber security class at a major university on Monday. They are learning about interacting with senior leadership/BoD on topics of cyber risk. I have many stories to share with them, but curious if y’all have any ideas on what you thank that group should know
@jerry For high-level Corp. mgmt., communication governance in an incident is key. They may have to manage confidentiality while allowing the investigation to proceed, and they shouldn't allow info to propagate, even though high-ranked officials will demand access to the info. The story could get out before they could control this, which (obvs) will be detrimental to the stock price.
-
I get to speak to a masters in cyber security class at a major university on Monday. They are learning about interacting with senior leadership/BoD on topics of cyber risk. I have many stories to share with them, but curious if y’all have any ideas on what you thank that group should know
I should probably figure out what cyber security means before I go speak to a masters class about cyber security.
-
I get to speak to a masters in cyber security class at a major university on Monday. They are learning about interacting with senior leadership/BoD on topics of cyber risk. I have many stories to share with them, but curious if y’all have any ideas on what you thank that group should know
@jerry ROI , risk management, and throw in whaling examples. Have them think of a DFIR budget as insurance.
-
R relay@relay.an.exchange shared this topic
-
I should probably figure out what cyber security means before I go speak to a masters class about cyber security.
@jerry cybersecurity means being both the problem and the solution. ducks
-
I should probably figure out what cyber security means before I go speak to a masters class about cyber security.
@jerry Nah. I didn’t, and it went fine.
-
I should probably figure out what cyber security means before I go speak to a masters class about cyber security.
@jerry Call it Super Security.
-
I get to speak to a masters in cyber security class at a major university on Monday. They are learning about interacting with senior leadership/BoD on topics of cyber risk. I have many stories to share with them, but curious if y’all have any ideas on what you thank that group should know
@jerry This is broader than just risk, but my advice on talking to top leadership is to pay very close attention to the questions they ask. They are trying to make decisions about what the company should do, and if you are talking to them, it's likely because someone thinks you have information that could help them make that decision.
Have understandable answers and plan for the follow-up questions. Identify the key points you think the leaders need to know but may not know to ask.
-
I get to speak to a masters in cyber security class at a major university on Monday. They are learning about interacting with senior leadership/BoD on topics of cyber risk. I have many stories to share with them, but curious if y’all have any ideas on what you thank that group should know
@jerry Also, it absolutely has to be established that Infosec runs the investigation, and can be allowed to turn things off. I once ran an incident communications workshop where the PR dept. said flatly: we will be running the investigation, as if they knew anything about systems. They wanted to govern the story completely.
-
@Sempf @da_667 @DamonHD @jerry sure, its totally possible for people to be nerds and that not match their major. ive just encountered so many people with a 'masters in cybercyber' that dont have even basic experience, like installing an os or configuring a linksys its tainted the whole degree for me
-
-
I should probably figure out what cyber security means before I go speak to a masters class about cyber security.
@jerry It’s when you “cyber” securely, e.g. door closed, lights off, all alone.
-
I get to speak to a masters in cyber security class at a major university on Monday. They are learning about interacting with senior leadership/BoD on topics of cyber risk. I have many stories to share with them, but curious if y’all have any ideas on what you thank that group should know
@jerry
Risk, as a cost -
@jerry relating any recommendations to financial impact is all they care about. How much it will cost to implement, vs. how much it'll cost if we don't implement it.
-
I should probably figure out what cyber security means before I go speak to a masters class about cyber security.
@jerry I put on my robe and wizard hat… securely
-
@jerry I put on my robe and wizard hat… securely
@hotsoup I doubt anyone there will be old enough to understand that reference
-
I get to speak to a masters in cyber security class at a major university on Monday. They are learning about interacting with senior leadership/BoD on topics of cyber risk. I have many stories to share with them, but curious if y’all have any ideas on what you thank that group should know
@jerry Also generally, security risk frameworks don't align with financial risks. To quote Jacquith, how do controls relate to business value? This is the problem they're going to have to solve.
-
I get to speak to a masters in cyber security class at a major university on Monday. They are learning about interacting with senior leadership/BoD on topics of cyber risk. I have many stories to share with them, but curious if y’all have any ideas on what you thank that group should know
@jerry have you read the CISO Report?
https://www.garymcgraw.com/wp-content/uploads/2018/01/CISO-2017.pdf
-
@hotsoup I doubt anyone there will be old enough to understand that reference
-
I should probably figure out what cyber security means before I go speak to a masters class about cyber security.
@jerry going all philosophical
-
@jerry I put on my robe and wizard hat… securely
