CISOs Need Teamwork & A Strategic Framework

Uploaded on 2016-08-19 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

NIST Enterprise Architecture Model

Eduardo Cabrera is the Chief Cybersecurity Officer at Trend Micro, responsible for analyzing emerging cyber threats to develop enterprise risk management strategies. Before joining Trend Micro, he was a 20-year veteran and former CISO of the United States Secret Service.

Given his background, Cabrera is eminently qualified for offering insight about information security challenges in both the government and the private sector.

Freedom to innovate

While serving in the US Secret Service, Cabrera lead information security, cyber investigative, and protective programs. “I lean on this experience and trusted partnerships daily to understand emerging threats but also to help develop resilient risk management strategies for Trend Micro and its Fortune 500 clients and strategic partners,” he says.

As you can imagine, working for the government has its unique challenges, and it’s not just about the paycheck.

“The differences are in perspective and mission. With that said, there is definitely a level of freedom found in the private sector that isn’t found in government. But the most significant freedom is the freedom to innovate. The speed and agility of innovation is incredible. I think that’s where the private industry, specifically cybersecurity companies, excel and can really help law enforcement, as well as the public sector at large, mitigate and eradicate the dynamic threats we see daily,” he explains.

The big picture

Companies may not fully understand the nature of modern threats, and simply placing a higher priority on security may not lead to improved measures, according to a CompTIA survey.

When asked what advice he would give to those new to the CISO position, Cabrera emphasized the importance of teamwork. “Listen! Listen to your direct reports. Listen to your organization’s business units or divisions. Listen to your partners in your sector and most of all listen to your partners in government,” says Cabrera.

“Cybercriminals have incredible networks that now allow them to automate and orchestrate their criminal enterprises. They do so by scaling trust within these criminal undergrounds. We need to do the same. The only way to defeat a network is to be a network. This requires much more trust on our side. We currently suffer from a trust deficit between private industry and government that will only be overcome by working closer together,” he concluded.

Strengthening your cybersecurity strategy

When it comes to the essential steps for strengthening and refining cybersecurity strategy in a large organization, Cabrera believes that a framework really comes first.

Unsurprisingly, he’s a big fan of the NIST Cybersecurity Framework, which consists of standards, guidelines and practices that help organizations address cyber risks by aligning policy, business and technological approaches. It was created by the National Institute of Standards and Technology (NIST) in partnership with the US Department of Homeland Security and the private sector.

It allows organizations to shift from old static information security best practices to proactive cybersecurity risk management standards. It maps existing industry standards such as NIST and the International Standardization Organization (ISO) to five core functions: identify, protect, detect, respond, and recover.

“The framework is critical for CISOs and their teams to build a cohesive strategy to brief up to the board room as well as down to the server room and apply the critical resources where they are needed most,” says Cabrera.

According to the information technology research company Gartner, the framework is now used by 30 percent of US organizations, and that number is projected to reach 50 percent by 2020.

A look into the future

We are in the midst of an Internet of Things explosion. 76% of companies interviewed by Vodafone believe that taking advantage of IoT technologies will be critical for the future success of any organization.

“Advances in technology are improving all aspects of our lives, however it is equally improving the lives of cybercriminals. With each new advancement there is a new opportunity for them to target, attack and monetize,” says Cabrera.

While 63% of companies have IoT devices already deployed, only 34% have security measures in place, indicating that the IoT is opening up new threat vectors but too few organizations are focused on preventing connected devices from being compromised.

“A layered connected threat defense using Big Data analytics and machine learning will be required to bring together often disparate and overlapping security stacks where visibility and control are the biggest challenges. It is needed today but will be essential in the coming years for CISOs and their teams,” explains Cabrera.

HelpNetSecurity

 

« New Airport Security Technology
Google Uses AI To Save On It’s Energy Bills »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Cast Software

Cast Software

CAST is a pioneer in Software Analysis and Measurement (SAM) to capture and quantify the reliability and security of business applications.

Gatewatcher

Gatewatcher

Gatewatcher is a digital breach detection platform targeting crafted attacks and protecting organizations against advanced cyber threats.

Sift

Sift

The Sift Digital Trust Platform protects your business and customers from all vectors of fraud and abuse through our Live Machine Learning, global trust network and automation technologies.

Nexis

Nexis

Nexis GmbH is a German IT security company specializing in IAM, access control, and risk management.

ICT Reverse

ICT Reverse

ICT Reverse is one of the UK’s leading, fully accredited providers of ICT asset disposal and secure data erasure.

Sixgill

Sixgill

Sixgill, an IoT sensor platform company, builds the universal data service and smart process automation software allowing any organization to effectively govern its IoE assets.

British Blockchain Association (BBA)

British Blockchain Association (BBA)

British Blockchain Association (BBA) is a not-for-profit organisation that promotes evidence-based adoption of Blockchain and Distributed Ledger Technologies (DLT) across the public and private sector

Cybersec Infohub

Cybersec Infohub

Cybersec Infohub is a Hong Kong government programme to enhance the exchange of cyber security information with industry and enterprises to jointly defend against cyber attacks.

Calyptix Security

Calyptix Security

Calyptix Security helps small and medium offices secure their networks so they can raise profits, protect investments, and control technology.

FAIR Institute

FAIR Institute

The FAIR Institute is a non-profit professional organization dedicated to advancing the discipline of measuring and managing information risk.

ITSEC Asia

ITSEC Asia

ITSEC Asia works to effectively reduce exposure to information security threats and improve the effectiveness of its clients' information security management systems.

N-able

N-able

N-Able deliver simple and sophisticated monitoring, security, and business solutions that empower you to solve your toughest IT challenges.

SecurityStudio

SecurityStudio

SecurityStudio is a continuous cybersecurity risk management platform that allows decision-makers to quickly identify the most immediate threats and make confident risk informed decisions.

Finlaw Associates

Finlaw Associates

Finlaw Associates is a trusted cybercrime law firm providing a wide range of taxation, legal, advisory and regulatory services to the financial, commercial and industrial communities.

UberEther

UberEther

UberEther are a dedicated group of software developers and consultants developing and deploying the next generation of identity management and cloud solutions.

Seers

Seers

Seers is the world’s leading privacy & consent management platform for companies worldwide. Trusted by over 50,000+ businesses.