VP, Director of Cyber Incident Response in Finance (non-banking), 2 years ago

In the financial sector, my job is to secure the bank: not only the infrastructure of the bank, but also making sure the products are available for our customers. That's the simple view of what security is for me: making sure that the network is available, that we can provide access to our customers in a secure manner and be good custodians of their data. Yeah.
SVP in Finance (non-banking), 2 years ago

When I think of cybersecurity, I think of two things: 

1. Enable everyone to weigh cyber as part of their decision making. When folks are trying to make a decision, I want to ensure that the context of cybersecurity is part of that decision framework. They need to weigh the risks and everything else that comes with it as part of that decision. It has to be a calculated decision rather than something that you just go ahead with, only to realize you have to worry about cybersecurity after the fact.

2. Minimize the financial impact from cyber incidents. We all know we can't stop them from ever happening again; people find their way around. If you're doing all the right things, you can mitigate and minimize the impact, particularly the financial impact. And I specify financial impact because you often need something that's measurable and there's always a dollar number you can ascribe. It could be soft dollars or just resource times. And if those things are happening frequently, you have an underlying issue that you need to solve for. If you're reducing those problems, you're already doing everything correctly to save you time, money and resources in responding to cyber issues. You're doing security preventively.
Reply from VP, Director of Cyber Incident Response in Finance (non-banking), 2 years ago

I agree with you on that point. In my former role at Intel, they could tell you what the cost per hour was if a fab was offline. If the fab is offline, then you're not manufacturing processors and you can't sell what you don't make. So that was an interesting, eye-opening experience when I found out what those numbers were like. 

It’s similar at the bank, because if there's a denial of service attack against the bank and the attackers take out the credit card processing, online banking, or our ability to conduct trades through our wealth management division, the business will be able to tell you what they were expected to do during those time windows. That gives you a pretty hard number on what the impact was, and then adding in the time and effort to recover from it gets you pretty close.

CISO in Software, 2 years ago

I'm from biotech pharma, which deals with a lot of protected health information. I always had to worry about patients’ privacy and there are many different angles in that context. Once we had a famous person as part of our study and someone from our customer support team was so starstruck they wanted to share that information. But that would get them in trouble internally, of course. It was to the extent that we couldn't even leave paper on our desk because it could have a name or number on it. 

The other side is productivity. I was taking care of labs and the problem was that we had these million-dollar robots processing all the samples, hooked up to a Windows 95 or Windows 98 machine that we weren't allowed to patch. We couldn't put AV on anything; it would break the firmware of that machine if we did, because that's how it was validated. Some of those machines in the lab had a shared username and password, and at some point a janitor got onto one of them and visited an insecure, explicit website. That machine got infected as a result, which then caused the whole lab to get infected.

And the problem is it's not as easy as rebuilding the PC after that, because every single one is validated. You have to get the vendor of each robot to come out, replace the machine and get the firmware set up, which only takes a week. But because the re-validation process takes another four to six weeks, our lab was down. This was a certified lab running samples and we were down for six weeks. We had to come up with a new way to protect those machines in case one got hit. So even before I was in security, I was still running security, but we just had VLANs. That's the best we could do: put each lab machine in its own VLAN.
