Would you buy from an auto manufacturer who suffered a breach? Would you shop at a retail store that has been hacked?
Out of the 70+ attendees for ISACA SD’s March meeting, very few were responsible for cybersecurity within their companies or as consultants for other companies. Dean Larsen II’s topic on Cybersecurity from the Front Lines & Cyber Oversight Framework was surely something we all could learn from.
The importance of security governance, which is essentially developing a framework that works for your enterprise, is often overlooked. One security infrastructure does not fit all enterprises and their individual requirements. Rather, it’s beneficial to take a look at the business drivers, the processes, the application, etc. Risk Management, according to Larsen, is the only way to truly effectively and efficiently protect your infrastructure.
Larsen was able to convey the key trends in the industry, such as external threats, change in the way business is conducted, rapid technology change, regulatory compliance, and changing market and client needs. His presentation goes into more detail.
He also debunked certain myths and mistakes that industry professionals frequently make. One of these was “We have to achieve 100% security.” This is neither feasible nor an efficient use of resources. The goal is to save the crown jewels, which include PEOPLE! The audience at the meeting was quick to identify processes, procedures, and data as the crown jewels. People are known as the “weakest” link, so simply investing in the best technology is not a guaranteed way to ensure security. This played into the Board Engagement & Oversight framework.
Overall, it was quite an interactive & informational meeting! Looking forward to the next one. Once again, the deck can be found here.
P.S. If you’re a student and interested in joining ISACA, let me know! We are actively seeking more student participation.