CISO Tabletop Scenario Intro
I thought it would be fun to explore what people do with regard to cyber security leadership, budgets, constraints and the realities of business change. So here’s a blog post to supplement my thread on Twitter:
MrR3b00t | #StandWithUkraine #DefendAsOne on Twitter: “Tabletop: you have 400 servers, 800 users and your cyber security budget is 100K…. what do you do? https://t.co/Nw0Pd7rH8L” / Twitter
Please note: the list below is based on experience. It’s also a list I made whilst drinking about half a cup of tea, so it’s not complete or “the answer”; it’s just some observations about an approach I advocate.
Everything is fine until it’s not
I’ve been travelling to different organisations and visiting different networks for a while, and whilst each organisation is unique (they really are), their operating models, technology challenges and weak security postures generally aren’t as unique as the organisations themselves.
One thing that does spring to mind, however, is that there is a massively common pattern we find with organisations.
- Those that invest well have better postures, better technology experiences and an improved security posture.
- Those that don’t historically invest well, well, they have quite the opposite:
  - They don’t train staff
  - They have very weak postures
  - They carry an extraordinary volume of business risk
One thing that is common, though, is that all of this tends to link to financial investments, so executives and boards usually have some idea whether they are spending in this space or not. What they commonly don’t have a good view on is whether they are getting what they “thought they were buying”. Sadly, too often what they assumed was “in the box” with the “IT provision”, with regard to quality and cyber security, simply isn’t. Everything is fine, until you look… then it’s less than fine! So, what can we do about it?