CISO Stories Podcast (Audio‪)‬ SC Media

CISOs must prioritize the intelligent selection of cybersecurity products by considering the total cost of ownership (TCO) and whether point products or platforms are best suited. This includes the costs of deployment and operations for people, processes, and technology, as well as the ongoing maintenance and support of a product. By considering the TCO of various products, CISOs can make more informed decisions and choose the products that will provide the best value for the organization. Choosing a more expensive product with a lower TCO can be a more cost-effective option overall, as these products often require less maintenance and provide better protection against cyber threats. In a market where capital efficiency is a key concern, this is an essential consideration for CISOs.
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-177

Data Governance is a key component in protecting the data from different points of view including information security confidentiality, integrity, and availability. There are several standards that have control requirements for Data Governance relating to PCI, HIPAA, and PII, data security and more. Two of the Internal Standards having Data Governance requirements are: GDPR, ISO/IEC 27001:2022 The internal policies pertaining to gathering data, processing data, storing date, and disposal of data storing data, and disposal of data are a concern of information security. These polices also affect but also asset management, It governs who can access what kinds of data and what kinds of data are under governance.
This segment is sponsored by Spirion. Visit https://cisostoriespodcast.com/spirion to learn more about them!
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-176

Data is the fuel of modern organizations. Data governance ensures the quality of that fuel, as well as ensure its optimal utilization. It ensures that people use and access data appropriately. This value is timely in the face of artificial intelligence offerings whose utility relies on quality data.
This segment is sponsored by Spirion. Visit https://cisostoriespodcast.com/spirion to learn more about them!
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-175

As technology has enabled high speed access and massive amounts of inexpensive storage, data is being created at a logarithmic hockey-stick pace. Not all this data is important for the organization, however the organization must understand what data is important to run the business. Join us as we discuss this dilemma, with an eye to protecting essential information. Good data governance processes are essential for effective security.
This segment is sponsored by Spirion. Visit https://cisostoriespodcast.com/spirion to learn more about them!
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-174

Security is both overcooked and underdeveloped at the same time, and we keep doubling down on insanity. Our own community is at great fault for pushing fear and ignoring service, leading to consistent, negative experiences for all other stakeholders in the organization - and ultimately the CISOs themselves. "Do more cyber" never had, does not, and never will lead to better outcomes, yet this is all everyone is talking about. The trifecta of fear (we fear it, we don't understand it, we know we must have it) is used effectively by vendors to drive an ever-increasing wedge into IT budgets, even as the actual utilization ratio of security tools is precipitously low (my estimate is 5%). Frustration abounds, the CISO job is a revolving door, and nobody's happy. Now the regulators are getting involved in all the wrong ways (see the recent SEC action against Tim Brown) - and it's entirely our fault.
This segment is sponsored by Spirion. Visit https://cisostoriespodcast.com/spirion to learn more about them!
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-173

The terminology of ICS has morphed into OT (Operational Technology) security; however many organizations are lacking in addressing the OT security controls. As some companies talk about air gapping as the primary method of securing OT, the reality is many times true air gapping does not exist. Join us as we discuss why these gaps occur and what needs to be done to secure OT.
This segment is sponsored by Arctic Wolf. Visit https://www.cisostoriespodcast.com/arcticwolf to learn more about them!
Visit https://cisostoriespodcast.com for all the latest episodes!
Show Notes: https://cisostoriespodcast.com/csp-172