As the CIO and CISO of your organization, what are some of the major things you do to prevent and mitigate a breach?

Strategy & Architecture Security & GRC Culture & Values

1.8k views2 Upvotes5 Comments

Sort By:

Oldest

Board Member, Advisor, Executive Coach in Software4 years ago

Get rid of security solutions that don't work and improve your controls.

VP of Global IT and Cybersecurity in Manufacturing4 years ago

Focus on the tools/software once you have a really solid assessment/visibility into your overall infrastructure (systems, data, processes, people) and associated risks.

Too often organizations try and prevent and mitigate with software/solutions first.

Director of IT in Education4 years ago

As good as tools are, at the end of the row is end users. Spend extra time on the weakest link - people. Educate, Educate, Educate.

2 1 Reply

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

Peer Discussions and Polls
One-Minute Insights
Connect with like-minded individuals

Director Certifications in Education4 years ago

I will add training.

Senior Information Security Manager in Software4 years ago

There are entire books written in response to this question.

But one of the best ways to mitigate the catastrophic effects of a data breach is to get rid of unwanted data.

But this is not a trivial thing. Many companies have been gathering and storing data for decades. They have many methods in ingress, but no method for data elimination. Over time, this can add up to tens of petabytes of data. An in the event of a breach, all that data is exfiltrated.

Firms that have to deal with GDPR got a head start on this and started eliminating data they no longer needed to collect or store. That way their liability is limited. Firm who don’t have to deal with GDPR may want to take the same approach.

Content you might like

What is your primary deciding factor in adopting enterprise search?

Strategy & Architecture Cloud End-User Services & Collaboration+26 more

TCO19%

Pricing26%

Integrations21%

Alignment with Cloud Provider7%

Security10%

Alignment with Existing IT Skills4%

Product / Feature Set7%

Vendor Relationship / Reputation

Other (comment)

View Results

5.7k views3 Upvotes1 Comment

I have just been asked by an exec from another function to audit a critical project in their portfolio which does not appear to be going well. I have some ideas based on my own PMO experience, but wanted to explore how peers might think about approaching such an exercise. Considerations: - outside my main role - risk of conflict with the leader providing project management services to this exec - sensitivity within the other function to potential criticism of their governance - readiness of the project team to provide relevant information

Relationship Management Project Management Culture & Values+2 more

CFO3 days ago

I recommend that you consider finding an outside third party to perform the audit. I have had to do something similar with an unprofitable division/product line that reports directly to our CEO. We outsourced with Alvarez ...read more

130 views1 Comment