When Are CISOs Responsible for Breaches? episode artwork

EPISODE · Feb 6, 2020 · 28 MIN

When Are CISOs Responsible for Breaches?

from Defense in Depth

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-when-are-cisos-responsible-for-breaches/) When is a CISO responsible for a breach or cyber incident? Should they be disciplined, fired, or let go with an attractive payout? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Norman Hunt (@normanhunt3), deputy CISO, GEICO. On this episode of Defense in Depth, you'll learn: On the onset, one may want to jump to finding liability. But a CISO's responsibility should not be isolated at the moment of the breach. There are more issues to consider, such as authority, accountability, efficacy, and expectations. Be wary of assigning accountability if the CISO didn't have the authority to actually carry out his/her intended plan. Often the CISO is seen as a necessary scapegoat when there is a breach. It shows an aggressive move by the company to make a change, but then they'll have to go ahead and hire another CISO, probably at a much higher salary (see last week's episode). When are you measuring the performance of the CISO? Is it as they build the security program, or is it only at the moment of the breach? How well does a CISO handle the breach when it happens and how well do his direct reports and the rest of the company handle it? That's a better measurement of the efficacy of the CISO. CISOs are held to a higher level of expectation to prevent a risky event from happening. CIOs, CEO, and CFOs are not held to the same standard. Even the best CISOs will suffer a breach. It's a single point in time. It sure is a very bad point in time, but what are the events that led up to this moment. Were they building out a security program and were there improvements or was staff education and leadership falling short? The best standard of measurement of a CISO is how well do they communicate and implement security and risk decisions? Failure may be at the definition of the role of the CISO. A CISO's role and its responsibilities are far from standardized.

NOW PLAYING

When Are CISOs Responsible for Breaches?

0:00 28:37

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

MG Show MG Show The MG Show, hosted by Jeffrey Pedersen and Shannon Townsend, is a leading alternative media platform dedicated to uncovering the truth behind today’s most pressing political issues. Launched in 2019, the show has grown exponentially, offering unfiltered insights, comprehensive research, and real-time analysis. With a commitment to independent journalism and factual integrity, the MG Show empowers its audience with knowledge and encourages active participation in the political discourse. Eat to Live Jenna Fuhrman, Dr. Fuhrman Our health is our most precious gift and smart nutrition can change your life. Each month, join Dr. Fuhrman and his daughter, Jenna Fuhrman as they discuss important topics in the world of nutrition. Eat to Live will change the way you eat and think about food. French Your Way Jessica: Native French teacher founder of French Your Way Boost your French listening skills and test your comprehension with this one of a kind series of podcasts. Get the chance to listen to a real conversation between native speakers talking at normal speed AND customise your learning experience through carefully designed sets of questions (2 levels of difficulty) available for download at www.frenchvoicespodcast.com. All interviews also come with the transcript. French teacher Jessica interviews native speakers of French from around the world who share a bit of their life and passion. Where else would you meet in one same place a French yoga teacher based in Melbourne, a soap manufacturer from Provence, or a couple cycling around the world? XXX Tech by SOVRYN Dr. Brian Sovryn The crossroads between technology, sensuality, and metaphysics - and the longest running anarchist podcast in the world! Brought to you by Dr. Brian Sovryn.

Frequently Asked Questions

How long is this episode of Defense in Depth?

This episode is 28 minutes long.

When was this Defense in Depth episode published?

This episode was published on February 6, 2020.

What is this episode about?

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-when-are-cisos-responsible-for-breaches/) When is a CISO responsible for a breach or cyber incident? Should they be disciplined, fired, or let...

Can I download this Defense in Depth episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!