We got a message from a listener asking for some discussion about putting the data first and securing it with that mind - the inside out, rather than looking at the perimeter and infrastructure and working back toward the data - outside in.
And since we love our listeners and your feedback, we took the chance to cover this topic in depth. In the process we also covered:
- Data Loss Prevention - Is it possible to improve this without the painful data classification, startup work or culture change?
- When doing data analysis for attacks (or fraud) you have to account for the fraud already baked in the normal you know today
- We can’t meaningfully count on IP address for geography…thanks to security asking for more use of VPNs
- The pros and cons and risks to ponder when securing data in on premise vs. cloud/SaaS arrangements
- When is the right time to establish a security team in a growing company? And how bad will the data sprawl be when they arrive?
- Will the CTO/CIO and the CISO merge into a single role? Will the CIO report to the CISO eventually? It depends, of course, on the people and the organisation
- Controls today may not be the controls we need for tomorrow
- We try to secure things, but there’s also important value in good use of data to improve a business
- Sunk cost fallacy and Security: when to burn it all down and start over
- Audit is the best friend of the CISO: a new set of eyes and accountability partner makes all the difference
Dan also goes on a small tirade over the way security professionals use the term “the business” as something distinct from the security team that is absolutely part of the business itself. Enjoy that soapbox moment.
We also have a video channel on YouTube that airs the "with pictures" edition of the podcast. Please head over to https://bit.ly/gsdyoutube and watch, subscribe and "like" the episodes.
Some of the links in the show notes contain affiliate links that may earn a commission should you chose to make a purchase using these links. Using these links supports The Great Security Debate, so we appreciate it when you do use them. We do not make our recommendations based on the availabliity or benefits from these affiliate links.
Thanks for listening!Support The Great Security Debate
- The Security of Cloud Services and SaaS in 2021 – Part 1 – Secratic
- The Great Security Debate Episode 33: Log4Jelly of the Month Club
- The Future Of The CISO — Six Types Of Security Leaders
- Amazon.com: Rocket Fuel: The One Essential Combination That Will Get You More of What You Want from Your Business: 9781942952312: Wickman, Gino, Winters, Mark C.: Books
- The Sunk Cost Fallacy - The Decision Lab
- Amazon.com: The Infinite Game eBook : Sinek, Simon: Kindle Store
- The Innovator's Dilemma: The Revolutionary Book That Will Change the Way You Do Business: Christensen, Clayton M.: 8601300047348: Amazon.com: Books
- How Emotionally Intelligent People Use the 'Emergency Exit Rule' to Win Almost Every Argument
- Why CIOs Should Report to CISOs