32 minutes

Video Description

Instructor Kelly Handerhan will list important questions that must be asked if the CISO is to develop an effective security strategy for the organization.

- Does the CISO routinely meet with or brief business management?
- When was the last time top management got involved in security-related decisions?
- How often does top management get involved in progressing security solutions?
- Would people recognize a security incident if they saw one, and what would be their reaction?
- Does management know who is responsible for security?
- Does anyone know how many computers the company owns, and would management know if some went missing?
- Are damage assessment and disaster recovery plans in place?
- Has management identified all information that would violate policy, legal, or regulatory requirements, or cause embarrassment/competitive disadvantage if leaked?

Course participants will learn the numerous pitfalls inherent in developing a security strategy that can compromise your organization's data.

- Overconfidence: in inherent security, your own ability, or the abilities of your team
- Optimism: you believe that "it won't happen to you," and if something does happen, that you can recover
- Anchoring: as a CISO, you're too reliant on past experience or quantitative data
- The status quo: believing it will always be the way it has been
- Mental accounting: being more willing to spend money in one place than another, no direct line to profit
- The herding instinct: for senior managers, the only thing worse than making a huge mistake is being the only one in the industry who makes it
- False consensus: CISOs may overestimate the extent that others share their views, or only seek out sources that support their views

Up Next

Developing a Security Strategy

How do I develop a security strategy? To develop an effective security strategy, one must take a proactive approach to security threats.

Instructed By

Kelly Handerhan
Senior Instructor