Patching is one of the surefire ways to help your organization mitigate the risk of being compromised through software defects or security weaknesses. As security professionals, we’ve seen the whole gamut when it comes to patching: at one end of the spectrum there are organizations where half or more of their servers haven’t been patched in years, and at the other end there are those that validate build specs and spin up new servers multiple times a day.
We’ve heard all the horror stories… Target, Jeep, Michael’s… and sadly, the list keeps growing. Third-Party risk management issues have been the talk of mainstream media for some time now. Who hasn't been personally impacted, or known someone who has had their personal data exposed? As security professionals, we are often asked to help organizations complete Third-Party risk assessments, but are the 800-question questionnaires actually helping mitigate risk? Would it be more beneficial to see the results of your Third-Party’s pen test? Let’s take a deeper dive and ask, how much scrutiny is ‘enough’?
I went to this year’s RSA Conference in San Francisco with the intention of learning more about risk management, which led me to select sessions called “Advancing Information Risk Practices,” “How Infosec Maturity Models are Missing the Point,” and “How to Measure Anything in Cybersecurity Risk.” While I was intrigued by all of the presenters, it was Jack Jones that drew me in. All three of the sessions, even if not presented by him, centered on his body of work and/or examples that supported his thinking.
To the casual observer, when I'm training for triathlons, it may look like I’m just hard at play. However, that is when I do a lot of my deepest thinking and churning of thoughts. (What else are you going to do with an hour staring at the bottom of a pool?!) One of my streams of thought was around some of the training activities I needed to do to prepare for my big triathlon this summer, and how many of the training concepts could also be applied to preparing for and implementing business transformation: What are my goals for this year? What is my current fitness level? Which skill area do I need to improve? Do I have the right equipment? Should I hire a coach this year? How am I going to stay injury-free? How am I going to stay focused on training among family, work, and everyday life?