Topics on Top of CISOs' Minds May 2024

Peer Roundtable for Senior Security Leaders Executive Recap from 5/15/24

This is a summary of the Senior Security Leader cohort discussion during the Peer Roundtable on May 15, 2024. This executive summary captures the essence of the discussion, focusing on the major topics, challenges, and potential solutions discussed by the participants.

Key Discussion Points from Peer Cohort

MDM Conversation Summary

• It was commonly agreed that MDM solutions like Intune should be used in contexts involving VIPs or where sensitive data is processed.

• There was a "silent" consensus, however, that Outlook policies are usually an effective way of controlling regular users.


Petri Kuivala shares: If you read the latest Verizon DBIR, you see that user devices, which consist of laptops, desktops, mobiles, and tablets, account for approximately 10% of the assets relevant to the breaches. When reading the Verizon Mobile Security Index paper, there is no break-out of this 10%. It is apparent that BYOD devices should never be jailbroken, and it is strongly recommended to keep them well patched.


Questions were raised about which identity providers people are using. Members mentioned using Microsoft as their primary identity provider. Another member mentioned using CrowdStrike for identity security, along with conditional access policies with Entra ID. It was asked whether anyone uses Intune without Microsoft as the IdP, opting for a third-party provider instead.


The Conversation Q&A from Peer Cohort

Q: What is the suggestion for controlling specific applications on personal devices without full Intune enrollment? 

A: The suggestion is to use MAM policies instead of full Intune enrollment.

 

Q: How can Intune be used for device management in a company? 

A: Intune can be used for company-managed devices, with high-risk users receiving a second company device and lower-risk users being allowed to bring their own device.

 

Q: What identity providers are commonly used? 

A: Microsoft is commonly used as the primary identity provider, but CrowdStrike and third-party providers are also options.

 

Q: Is it possible to use Intune without using Microsoft IDP? 

A: Yes, it is possible to use Intune with a third-party identity provider like Okta or IBM MaaS360.


Q: How can access to certain applications be controlled in an Apple shop? 

A: Certain applications can be restricted to corporate laptops, while others can be allowed on mobile devices in an Apple shop.

 

Q: How can financial applications be accessed on a laptop? 

A: Financial applications can be accessed on a laptop using Okta as a device for authentication and certificate validation.

 

Q: What are the advantages of using automation and AI in cybersecurity? 

A: Automation and AI can reduce the number of alerts, provide recommendations, and improve the efficiency of security operations.

SOC Effectivity Conversation

Petri's recommendation to read: Avanade, the 50 000-employee company, was able to repurpose 5 SOC FTEs. See how it was done: "How Avanade reduced human cyber-risk and saved 5 SOC analyst FTEs with the Hoxhunt Human Risk Management platform" (Hoxhunt). In a nutshell, a combination of crowdsourcing the employees together with purpose-built AI was the answer.

The Conversation Q&A from Peer Cohort

Q: How can the effectiveness of a SOC be improved? 

A: Implementing proactive measures, having a closed-loop remediation process, and focusing on high-value assets and functions can improve the effectiveness of a SOC.


Q: What is the importance of effective communication within the SOC? 

A: Effective communication within the SOC is crucial for coordinating responses to security events and ensuring smooth operations.

 

Q: How can the human side of cybersecurity be addressed? 

A: The human side of cybersecurity can be addressed by engaging the end-user community, integrating their knowledge into AI engines, and promoting a security-focused culture.

 

Q: What is the significance of a strong policy foundation in cybersecurity? 

A: A strong policy foundation is essential for implementing effective security measures and ensuring compliance with industry standards.

 

Q: How can external attack surfaces be managed? 

A: External attack surfaces can be managed by conducting regular assessments, implementing specific controls, and monitoring for any changes or vulnerabilities.

 

Q: How can the security of Active Directory be fortified? 

A: Active Directory security can be fortified by implementing immutable backups, ensuring proper restoration processes, and considering the location of backups.

 

Q: What challenges do smaller companies face in implementing cybersecurity measures? 

A: Smaller companies face challenges in terms of code security, policy implementation, and resource limitations.

 

Q: How can the SOC's performance be enhanced through tabletop exercises? 

A: Tabletop exercises can help evaluate the performance of a SOC, identify areas for improvement, and test incident response plans.

 

Q: What is the importance of business continuity and disaster recovery plans in cybersecurity? 

A: Business continuity and disaster recovery plans are crucial for ensuring the resilience of an organization's operations in the event of a security incident.

 

Q: How can the SOC effectively communicate with other departments during a breach? 

A: Effective communication with other departments during a breach can be achieved through clear escalation processes, contact information, and regular exercises.

 

Q: How can runbooks be used for threat detection and prevention? 

A: Runbooks can provide standardized procedures for SOC teams to detect and prevent threats, ensuring a consistent and efficient response.

 

Q: What is the importance of a long-term strategic plan in cybersecurity? 

A: A long-term strategic plan is important for setting goals, prioritizing investments, and ensuring the continuous improvement of cybersecurity practices.

 

Q: How can the risk of code theft be mitigated when implementing security measures? 

A: The risk of code theft can be mitigated by implementing policies and technologies like VDI (Virtual Desktop Infrastructure) for control and work purposes.

Cyberthreat Case Study Deep Dive

Access on Demand

Learn as Petri Kuivala walks you through a real-life cyberattack case involving a nation state called Panda, which was related to a larger M&A case between two large companies. See the several-year hacking timeline and a high-level overview of how it happened and mistakes that could have been avoided.


Learn:

  • How to be prepared when the “s” hits the fan

  • How to be the successful CISO at the time of the storm

  • The most important things to do to prevent a cyberattack in the first place

    Next Cohort

    Tuesday, June 18, 2024, at 1:00 PM Eastern

    Resources

      • Security Value Creation Pyramid: A framework for layering security initiatives in corporate settings, inspired by Maslow's hierarchy of needs. Provides a structured approach to prioritizing foundational safety measures and advanced value-creation strategies.

      • Should CISO Report to CIO: What is essential regardless of the reporting structure.

      • Enterprise Cybersecurity in Digital Business, by Ariel Evans: Guides CEOs, CISOs, and compliance managers on setting goals and addressing cybersecurity gaps within organizations.

      • Evidence-Based Cybersecurity, by Pierre-Luc Pomerleau and David Maimon: Introduces an evidence-based approach to enhancing cybersecurity operations relevant for security professionals and policymakers.

    Copyright © 2020- Peer Roundtables. All Rights Reserved