What is a vCISO? Experience, Policy, & Programs needed in Cybersecurity from SideChannel

  • Published on 2 Aug 2024
  • vCISO provider SideChannel's approach to building a cybersecurity program for startups and mid-market companies.
    [2:15] The vCISO should be able to do the following (part of the #cisolife)
    [3:30] Develop new, or mature existing, documentation for the following:
    [4:30] Information Security Strategy (3 to 18 months) - taking into account information from Risk Assessment and Gap Analysis
    [5:15] Enterprise Information Security Policy, including, but not limited to:
    - Acceptable Use Policy
    - Data Governance & Classification Policy
    - Asset Inventory & Device Management Policy
    - Incident Response Policy
    - Remote Access & Identity Management Policy
    - Mobile Security Policy
    - Vulnerability Management Policy
    - Third Party Risk Management Policy
    - Disaster Recovery Plan
    - Incident Response Plan
    [9:15] Risk Assessments - guided by the organization’s overall risk management process or previous risk assessment activities.
    [9:45] Determine, Analyze, and Prioritize Gaps - compare the current profile and the target profile to determine gaps
    [10:00] Information Security Governance - using the NIST CSF v1.1 framework; provide oversight to ensure that risks are adequately mitigated, and then support management to ensure that controls are implemented to mitigate risks.
    [11:40] Managed Security Services - support the implementation of end-point detection and response (EDR) capabilities and mature to a 24/7/365 monitoring and response function via internal or external resources.
    [12:00] Incident Response - outline and develop incident response functions for the enterprise to respond to cyber events, incidents, and crises.
    [12:45] Vulnerability Management & Secure Configuration - structure a function for the discovery and remediation of vulnerabilities, whether they arise from missing patches or from previously unknown weaknesses, prioritized according to the severity levels established in the Vulnerability Management Policy.
    [13:35] Third Party Vendor Risk Management (TPRM) - provide resources to respond to third-party risk assessment questionnaires (incoming) and conduct third-party risk assessments of vendors (outgoing).
    [13:50] Cybersecurity Training and Awareness - identify security awareness and training topics that focus on where security intersects with the business mission, and align the content so that the goals and objectives of the program are met.
    #cisolife #microsegmentation #zerotrust #cybersecurity #sidechannel #enclave #cmmc
    Follow us -
    Website - sidechannel.com
    Podcast - anchor.fm/cisolife
    LinkedIn - / sidechannelsecurity
    Twitter / X - / sidechannelsec
  • Howto & Style
