As the CIO and CISO of your organization, what are some of the major things you do to prevent and mitigate a breach?

Strategy & ArchitectureSecurity & GRCCulture & Values
1.8k views2 Upvotes6 Comments
Board Member, Advisor, Executive Coach in Software, Self-employed
Get rid of security solutions that don't work and improve your controls.
VP of Global IT and Cybersecurity in Manufacturing, 501 - 1,000 employees
Focus on the tools/software once you have a really solid assessment/visibility into your overall infrastructure (systems, data, processes, people) and associated risks. 

Too often organizations try and prevent and mitigate with software/solutions first.
Director of IT in Education, 1,001 - 5,000 employees
As good as tools are, at the end of the row is end users. Spend extra time on the weakest link - people.  Educate, Educate, Educate.
2 1 Reply
Assistant Director IT Auditor in Education, 10,001+ employees

I will add training.

Associate Director, R&D in Education, 201 - 500 employees
Automate as much as you can with the right tooling that is capable and that you can trust. Train and educate the humans involved in the whole process. Especially in development, ensure you build Security and Privacy by Design.
Senior Information Security Manager in Software, 501 - 1,000 employees
There are entire books written in response to this question.

 

But one of the best ways to mitigate the catastrophic effects of a data breach is to get rid of unwanted data.

 

But this is not a trivial thing. Many companies have been gathering and storing data for decades. They have many methods in ingress, but no method for data elimination. Over time, this can add up to tens of petabytes of data.  An in the event of a breach, all that data is exfiltrated.

 

Firms that have to deal with GDPR got a head start on this and started eliminating data they no longer needed to collect or store. That way their liability is limited. Firm who don’t have to deal with GDPR may want to take the same approach.

Content you might like

What technology solution are you using for your employee experience platform?  How does it integrate with your HCM solution and intranet solution?  Any do's and don'ts, lessons learned to share?

Applications & PlatformsPeer InsightsStrategy & Architecture
Read More Comments
602 views3 Comments

Where do HR and other non-security/IT departments fit into your insider risk management strategy/program? What role do they currently play?

Security & GRCRisk ManagementThreat & Vulnerability Management+1 more
Read More Comments
4k views1 Upvote7 Comments

What are your CEO's top priorities for you this year?

Strategy & ArchitectureTeam & Organizational DesignCulture & Values+4 more

Lead digital business/transformation initiatives26%

Upgrade IT and data security44%

Identify new data-driven business opportunities15%

Collaborate with business leaders on customer initiatives4%

Help reach specific goals for corporate revenue growth11%


194 PARTICIPANTS
1.3k views1 Upvote

What are some great on-prem and SaaS programs for internal PKI and Certificate Life Cycle Management? 

Applications & PlatformsSecurity & GRC
Read More Comments
1.8k views1 Upvote2 Comments

What is the #1 threat to cloud security at your organization?

CloudSecurity & GRCCompute+6 more

Malware22%

Data Exposure32%

Weak/Broken Authentication14%

Insider Threats15%

Application Vulnerabilities11%

Overprovisioned Access5%

Other0%


218 PARTICIPANTS
749 views2 Upvotes