CISOs Need Teamwork & A Strategic Framework

Uploaded on 2016-08-19 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

NIST Enterprise Architecture Model

Eduardo Cabrera is the Chief Cybersecurity Officer at Trend Micro, responsible for analyzing emerging cyber threats to develop enterprise risk management strategies. Before joining Trend Micro, he was a 20-year veteran and former CISO of the United States Secret Service.

Given his background, Cabrera is eminently qualified for offering insight about information security challenges in both the government and the private sector.

Freedom to innovate

While serving in the US Secret Service, Cabrera lead information security, cyber investigative, and protective programs. “I lean on this experience and trusted partnerships daily to understand emerging threats but also to help develop resilient risk management strategies for Trend Micro and its Fortune 500 clients and strategic partners,” he says.

As you can imagine, working for the government has its unique challenges, and it’s not just about the paycheck.

“The differences are in perspective and mission. With that said, there is definitely a level of freedom found in the private sector that isn’t found in government. But the most significant freedom is the freedom to innovate. The speed and agility of innovation is incredible. I think that’s where the private industry, specifically cybersecurity companies, excel and can really help law enforcement, as well as the public sector at large, mitigate and eradicate the dynamic threats we see daily,” he explains.

The big picture

Companies may not fully understand the nature of modern threats, and simply placing a higher priority on security may not lead to improved measures, according to a CompTIA survey.

When asked what advice he would give to those new to the CISO position, Cabrera emphasized the importance of teamwork. “Listen! Listen to your direct reports. Listen to your organization’s business units or divisions. Listen to your partners in your sector and most of all listen to your partners in government,” says Cabrera.

“Cybercriminals have incredible networks that now allow them to automate and orchestrate their criminal enterprises. They do so by scaling trust within these criminal undergrounds. We need to do the same. The only way to defeat a network is to be a network. This requires much more trust on our side. We currently suffer from a trust deficit between private industry and government that will only be overcome by working closer together,” he concluded.

Strengthening your cybersecurity strategy

When it comes to the essential steps for strengthening and refining cybersecurity strategy in a large organization, Cabrera believes that a framework really comes first.

Unsurprisingly, he’s a big fan of the NIST Cybersecurity Framework, which consists of standards, guidelines and practices that help organizations address cyber risks by aligning policy, business and technological approaches. It was created by the National Institute of Standards and Technology (NIST) in partnership with the US Department of Homeland Security and the private sector.

It allows organizations to shift from old static information security best practices to proactive cybersecurity risk management standards. It maps existing industry standards such as NIST and the International Standardization Organization (ISO) to five core functions: identify, protect, detect, respond, and recover.

“The framework is critical for CISOs and their teams to build a cohesive strategy to brief up to the board room as well as down to the server room and apply the critical resources where they are needed most,” says Cabrera.

According to the information technology research company Gartner, the framework is now used by 30 percent of US organizations, and that number is projected to reach 50 percent by 2020.

A look into the future

We are in the midst of an Internet of Things explosion. 76% of companies interviewed by Vodafone believe that taking advantage of IoT technologies will be critical for the future success of any organization.

“Advances in technology are improving all aspects of our lives, however it is equally improving the lives of cybercriminals. With each new advancement there is a new opportunity for them to target, attack and monetize,” says Cabrera.

While 63% of companies have IoT devices already deployed, only 34% have security measures in place, indicating that the IoT is opening up new threat vectors but too few organizations are focused on preventing connected devices from being compromised.

“A layered connected threat defense using Big Data analytics and machine learning will be required to bring together often disparate and overlapping security stacks where visibility and control are the biggest challenges. It is needed today but will be essential in the coming years for CISOs and their teams,” explains Cabrera.

HelpNetSecurity

 

« New Airport Security Technology
Google Uses AI To Save On It’s Energy Bills »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Information Security Group (ISG) - Royal Holloway

Information Security Group (ISG) - Royal Holloway

The Information Security Group, Royal Holloway, University of London, is an Academic Centres of Excellence in Cyber Security Research.

CyberPolicy

CyberPolicy

CyberPolicy is a cyber protection solution for small businesses. It combines three important components against cyber threats - Cyber Plan, Cybersecurity and Cyber Insurance.

EC-Council

EC-Council

EC-Council is a member-based organization that certifies individuals in various e-business and information security skills.

CyberDef

CyberDef

CyberDef is a consulting company specialising in cyber defence services for small and medium enterprises.

Lawley Insurance

Lawley Insurance

Lawley is a full-service, independent insurance agency. Specialty insurance products include Cyber Security.

Center for Strategic Cyberspace & International Studies (CSCIS)

Center for Strategic Cyberspace & International Studies (CSCIS)

CSCIS seeks to advance global cyberspace security and prosperity by providing strategic insights for cyberspace and policy solutions to decision makers.

Rogue Wave Software

Rogue Wave Software

At Rogue Wave, our mission is to simplify your hardest problems, improve software quality and security, and shorten the time it takes to deliver value.

Prescient

Prescient

Prescient’s Cyber solutions supplement your firm’s existing data security infrastructure with specialized investigations that identify unconventional cyber risks.

Crosspring

Crosspring

Crosspring is an incubator/accelerator for people who have the ambition to start a successful business or want to extend their existing business in the areas of FinTech, AR, VR, Cybersecurity and SaaS

Cyber Intelligence 4U

Cyber Intelligence 4U

Cyber Intelligence 4U is an educational services company that provides two levels of cybersecurity training programs: executive and technical.

Prosperoware

Prosperoware

Prosperoware develop software for cybersecurity, privacy, and regulatory compliance for content systems, and financial matter management.

Client Solution Architects (CSA)

Client Solution Architects (CSA)

Client Solution Architects (CSA) is a leading digital transformation consulting firm focused on the U.S. Defense Department and all U.S. Federal enterprise information technology service areas.

Curity

Curity

The Curity Identity Server brings identity and API security together, enabling highly scalable and secure user access to digital services.

RubinBrown

RubinBrown

RubinBrown LLP is a leading accounting and professional consulting firm. The RubinBrown name and reputation are synonymous with experience, integrity and value.

Fusion Cyber

Fusion Cyber

Fusion Cyber educates students in Zero Trust Risk Management, Defense, and Cyber Offense that lead to taking industry-accepted cybersecurity certifications.

Veza Technologies

Veza Technologies

Veza is the authorization platform for data. Built for hybrid, multi-cloud environments, Veza enables organizations to manage and control who can and should take what action on what data.