Time
1 hour 2 minutes
Difficulty
Advanced
CEU/CPE
1

Video Transcription

00:01
Hello and welcome back to Revenue Protection as a CISO.
00:06
In this module we'll discuss how to maximize your budget
00:10
and
00:11
the need to focus on the basics.
00:16
The average enterprise uses 75 security products to secure their network. 75. That's a lot. Um,
00:26
there's a lot of noise, a lot of monitoring and testing
00:30
to, uh,
00:33
secure the organization, right? It's a lot of updates, too. Your team is spending, or likely spending, more time configuring, maintaining and tuning these tools than they are responding to threats. This is not what defense in depth should be. This also causes alert fatigue and burnout.
00:52
It is likely that there are tools in your environment that are underutilized and can be eliminated. Also look for vendors that can offer platforms that can be expanded as your needs change.
01:04
So 75 security tools
01:07
I've definitely worked in organizations where,
01:12
you know, there was a tool to manage the tool
01:15
two security tool that managed the tool and it was kind of like dominoes. Right? Was kind of like the movie inception, like how deep can you really go?
01:25
And what ended up happening was analysts and admins were getting so many alerts and emails that they would create rules and just filter stuff out. And
01:37
things just will go unnoticed until they actually crash on. And that's definitely not what you want on your security team.
01:46
Um, so when you're designing and deploying tools, you're procuring things,
01:52
just keep that in mind: Why am I buying this tool? What problem is it solving? Am I picking up a point solution that only solves one problem
02:01
or am I looking to procure a solution that can solve multiple problems and potentially eliminate
02:09
some other tools?
02:15
Then let's talk about needs vs. wants.
02:19
A lot of times we definitely want the new shiny, uh, the blinky boxes. That's what that's what we want. But is there a need? Um,
02:30
focus on the gaps
02:34
fill the gaps and, you know, we don't always need new tools to fill gaps. We just need to look at what we have and implement additional controls.
02:46
Um, in the tools that we have, instead of going for the latest and greatest or what's the current buzzword? Best of breed. Right?
02:53
Um,
02:55
is there an open source option?
02:59
Open source tools have come a long way. Obviously, there can be security concerns about using open source tools.
03:07
Make sure you're scanning before you deploy.
03:12
Um, make sure that you have the expertise within your team, or in house, to maintain these open source tools, because they do change frequently and often. And also consult with your team, because again, they're on the front lines of technology and the trends day to day. They talk amongst themselves and to their peers.
03:30
Um, so instead of making a, ah, decision in a vacuum, be collaborative
03:38
and talk to your team and ask them if they have any suggestions.
03:45
Focus on the basics
03:46
again. I know we like those blinky boxes. I love 'em. I love new technology, but oftentimes, you know, we go after next-gen, best of breed, machine learning, AI, all the buzzwords.
04:00
But doing the basics can go a long way to reduce your attack surface. And it won't blow the budget.
04:09
Asset management. Do you know what you have? Do you know what's on your network?
04:15
Vulnerability management. Once you discover what's on your network, is it patched? Is it up to date? Do you know,
04:21
um, does everybody have local admin? Are you enforcing least privilege? We talked about work from home earlier through all of your endpoints that are now in various, ah, people's homes and states on untrusted networks. Do they have local admin rights?
04:40
Can they just install anything that they want to,
04:42
um,
04:44
in your corporate environments? Is your network properly segmented? Are your workstations separate from your servers? Um, you'd be surprised at the answer to that question. Maybe you would,
04:57
Um, how are you delivering security awareness training?
05:00
Please tell me, is that by PowerPoint and clicks? There are great free
05:06
or next to free
05:09
security awareness training providers out there that won't bust the budget, but that'll give you a leg up on death by PowerPoint, so to speak. Are you implementing the CIS Top 10?
05:24
Ah, a couple of the bullet points here that I pulled, asset management, vulnerability management, least privilege, are on the CIS list. Those are things that view an Active Directory.
05:34
Um, you can definitely enforce least privilege to a degree
05:40
within Active Directory. Asset management: there's Nmap. Do you have Nmap scanning your network? Nmap is free. It may not be
05:49
the most intuitive tool, but again
05:54
enforcing the basics. The fundamentals of security
05:59
will go a long way in ensuring the secure
06:04
delivery of services in your organization reducing your attack surface. And also, it will show that you don't always need the latest and the greatest to provide security, which in the long run
06:19
may highlight
06:21
to your CFO or your finance office
06:26
that you can make do
06:29
and you did make do without a big budget. And next time around they may increase your budget.
06:38
So we've reached the end of our course.
06:41
I hope that you have, um, enjoyed it thus far. And now that you
06:47
have a better understanding of what the business expects from the CISO, how you should communicate in business language, how to identify opportunities to protect and potentially generate revenue, and how to gain stakeholder buy-in and build trust
07:04
and how to manage needs versus wants. Thank you again for your undivided attention and until next time
07:15
thank you

Revenue Protection as a CISO

In this course you will learn strategies to transform the way your security program is viewed.

Instructed By

Terence Jackson
Chief Information Security and Privacy Officer
Instructor