Dennis Spalding’s Post

Based on my modest experience in security incident management and having worked on this with Dinis first time, I agree with this approach. Treating P3 incidents as if they were P1s can greatly benefit businesses in terms of process improvement, playbook writing, relationship-building, and gaining a deeper understanding of systems. However, it's important to consider the well-being of the security teams, as this approach can be exhausting if sustained for too long even you have effective AI integration to simulate and adspt to realistic scenarios and help on monitoring, identify gaps or generate incidents reports. To get a balance between getting the benefits and ensuring the team's welfare, I personally found implementing this practice for a limited period each year, maybe for a month or whatever defined period is more considerate to the team. During this designated time, all incidents would be handled as P1s, allowing businesses to make significant improvements without overwhelming their teams. Moreover, by increasing the frequency of incidents drills from the classic once a year to multiple times, businesses can further enhance their preparedness. Incorporating some surprise drills would also provide a more accurate assessment of a team readiness and help pinpoint any shortcomings in their processes. #IncidentManagement #SecurityDrills #AIinSecurity #ProcessImprovement #TeamWellbeing #RealisticScenarios #ContinuousMonitoring #GapIdentification #AutomatedReporting #AdaptiveLearning #CyberPreparedness #SecurityExcellence

CISO prosecutions - how to protect yourself. This article is a great summary of the state of play in CISO prosecutions for cyber lapses and what you can do to manage the risk. 2 great points to protect yourself as a CISO: 1) create or use the existing risk committee with clear risk delegations and escalations 2) clear reporting lines direct to board https://lnkd.in/gxbU6eb5 #careerdevelopment #CISO

#CISO's skills and responsibilities highly changed, from technical knowledge of security controls to mastering business communication and responsibility umbrella strategy. "A CISO's Guide to Avoiding Jail After a Breach" Yahoo, Uber, SolarWinds — increasingly, the government is incentivizing better corporate security by punishing the individuals leading it. Is that a good idea? And how can security pros avoid ending up on the butt end of a lawsuit? As Chief Information Security Officer's focus must shift toward their self preservation, they'll likely have less time to focus on effective control, and therefore, require more resources, and more third party services to help them in their mission. Responsibility and accountability are certainly a good part of proper security posture management, yet, they would be to avoid negligence and being able to prove it. Are you keeping track of all your third party risk assessments, security assessment, and are the results well communicated, including the associated risks ? #cybersecurity #usa #technology https://lnkd.in/e8G8Mwpd

We've all read about the #SolarWinds breach by the #Russians back in #2020 and the recent litigation by the #SEC into them for their handling of said #breach, but what does the average #CISO have to worry about in today's cybersecurity landscape and the answer is a lot...This article by #DarkReading goes into the #legal risks which CISOs are facing day-to-day in their roles handling an organization's #cybersecurity posture to prevent incidents and how they can be held #liable for their actions in their role after a breach has occurred. Are you ready to handle legal risks in your role?

"Communication and collaboration... Are the safety net that security leaders will fall back on when the worst comes to pass." Protect your organization, your team, and yourself, with BreachRx. The platform CISOs who have been through it, wish they'd had in place. "That's ultimately the through line between all these cases: that communication between the cross-functional groups wasn't there to the extent it needed to be. And the people who took the brunt of that were not the lawyers, were not the execs, were not the board. It was infosec." https://bit.ly/ciso-jail #ciso #cybersecurity #nojail

#zerto assists w/ defense in depth with enterprise scale & performance, buttressing security, most notably when it fails, as it does, with Fail-Safe #recovery. #zertocyberresiliencevault https://lnkd.in/eabwG4BS https://lnkd.in/eZwJBebw

As a D&O expert and Cyber leader, I am not surprised to see that both domains intertwine more and more. Businesses need to remain aware that cybersecurity is essential to their business, success depends on their IT strategy and their IT teams to lead it . Protect your business and protect your managers. https://lnkd.in/dbfDHuGe

The #CISO's role has increased in difficulty and risks, many face #budgetcuts around #Cybersecurity. They also are limited on technology decision making, even though a increase in #hacker technology and use of #Ai. Agreed there are many in #cybersecurity leadership that should not be there. #technology #cybersecurity #pentesting #informationsecurity #hacking #DataSecurity #CyberSec #bugbountytips #websecurity #networksecurity #cybersecurityawareness #securityanalyst #securityawareness #cybercrime #cybersecuritynews #cyber #cyberattack #securityanalyst #securityawareness #cybercrime #cybersecurity #informationsecurity #intelligence #datasecurity #websecurity #networksecurity #security #hacking #securitymanager #securityaudit #malware #threatintelligence #threathunting #cybersecuritynews

This article underscores the importance of not only robust cyber defenses but also comprehensive legal strategies. Here are a few key takeaways: 1. Proactive Measures: Implementing proactive measures and maintaining thorough documentation can be pivotal in demonstrating due diligence. 2. Transparency and Communication: Clear and honest communication with stakeholders, including regulatory bodies, can mitigate potential fallout. 3. Legal Preparedness: Engaging with legal experts to understand the evolving regulatory environment and preparing for potential legal challenges is essential.

🔒💼🚨 Calling all IT pros & cybersecurity wizards! Big news alert 🚨💼🔒 🔍 Ever noticed how the government is nudging companies towards better security practices by pointing fingers at the folks in charge? Punishing the top dogs seems to be the new trend in town! 🤯 🤔 But hey, do you think it's a fab idea to hold individuals accountable for corporate security slip-ups? Drop your thoughts below! 💭⬇️ 🛡️ So you're wondering how you can dodge the lawsuit bullet and keep your cyber-castle secure, right? Here are some tips & tricks straight out of the IT playbook: 👉 Keep your cybersecurity game strong 💪 👉 Stay updated with the latest tech defenses 🛡️ 👉 Train your team like armored ninjas 🥷 👉 Don't forget to lock those virtual doors 🔒 👉 And always, always have a backup plan! 🔄 🔮 My predictions? Expect more 🔥 debates on cybersecurity accountability in the tech world. Buckle up, folks! It's gonna be a bumpy ride! 🎢 What are your thoughts on this spicy topic? Let's chat it out! 🔥💬 #ainews #automatorsolutions #cybersecurity #ITpros #TechDebates #Predictions #StaySecure #AccountabilityInTech #CyberSecurityAINews ----- Original Publish Date: 2024-07-05 05:35