risk exposure

Guest: Keyaan Williams, Founder and Managing Director of CLASS-LLC [@_CLASSllc]

On LinkedIn | https://www.linkedin.com/in/keyaan/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

Imperva | https://itspm.ag/imperva277117988

Devo | https://itspm.ag/itspdvweb

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, hosted by Sean Martin, we are joined by guest Keyaan Williams to discuss the impact of the Securities and Exchange Commission (SEC) Incident Reporting Rule on organizations and its far-reaching implications. The wide-ranging discussion covers the shift in responsibility from a single Chief Information Security Officer (CISO) to the entire organization, the necessity for companies to have situational awareness to rapidly determine the materiality of cyber security incidents, and how these rules affect the company's enterprise risk management strategy.

Enterprise Risk Management (ERM) is integral to the way organizations protect themselves and manage risk. Contrary to focusing exclusively on cybersecurity and cyber-related risk, ERM takes an holistic approach and considers all risks across the company. This comprehensive approach ensures that companies make well-informed decisions about how they allocate resources, prioritize risks, and choose specific areas to mitigate. ERM also distributes the burden of risk oversight, reducing the intense pressure on CISOs or any single department and making risk management a collective responsibility. In an era of increasing regulatory oversight, such as the new rules from the SEC, ERM also aims to help companies demonstrate that they are taking all necessary precautions and addressing regulatory requirements effectively.

Williams also emphasizes the need for businesses to prepare for the increasing regulatory scrutiny by maintaining a robust governance structure and adopting a team-based approach for managing cyber security risks. They predict the possibility of additional rule-making concerning cybersecurity in the future, thus viewing the current phase as the calm before the storm.

Williams ends the conversation with an invitation for listeners to provide feedback, reinforcing the theme of the episode: collective engagement in cybersecurity management.

Key Questions Addressed:

• What is the impact of the new SEC reporting rule on CISOs and their teams?
• How can Enterprise Risk Management contribute to overcoming cybersecurity challenges?
• How does the SEC reporting rule change the role of a CISO within an organization?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

📺 https://www.youtube.com/@itspmagazine

Be sure to share and subscribe!

___________________________

Resources

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Guest: Keyaan Williams, Founder and Managing Director of CLASS-LLC [@_CLASSllc]

On LinkedIn | https://www.linkedin.com/in/keyaan/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

Imperva | https://itspm.ag/imperva277117988

Devo | https://itspm.ag/itspdvweb

___________________________

Episode Notes

In this episode of the Redefining CyberSecurity Podcast, hosted by Sean Martin, we are joined by guest Keyaan Williams to discuss the impact of the Securities and Exchange Commission (SEC) Incident Reporting Rule on organizations and its far-reaching implications. The wide-ranging discussion covers the shift in responsibility from a single Chief Information Security Officer (CISO) to the entire organization, the necessity for companies to have situational awareness to rapidly determine the materiality of cyber security incidents, and how these rules affect the company's enterprise risk management strategy.

Enterprise Risk Management (ERM) is integral to the way organizations protect themselves and manage risk. Contrary to focusing exclusively on cybersecurity and cyber-related risk, ERM takes an holistic approach and considers all risks across the company. This comprehensive approach ensures that companies make well-informed decisions about how they allocate resources, prioritize risks, and choose specific areas to mitigate. ERM also distributes the burden of risk oversight, reducing the intense pressure on CISOs or any single department and making risk management a collective responsibility. In an era of increasing regulatory oversight, such as the new rules from the SEC, ERM also aims to help companies demonstrate that they are taking all necessary precautions and addressing regulatory requirements effectively.

Williams also emphasizes the need for businesses to prepare for the increasing regulatory scrutiny by maintaining a robust governance structure and adopting a team-based approach for managing cyber security risks. They predict the possibility of additional rule-making concerning cybersecurity in the future, thus viewing the current phase as the calm before the storm.

Williams ends the conversation with an invitation for listeners to provide feedback, reinforcing the theme of the episode: collective engagement in cybersecurity management.

Key Questions Addressed:

• What is the impact of the new SEC reporting rule on CISOs and their teams?
• How can Enterprise Risk Management contribute to overcoming cybersecurity challenges?
• How does the SEC reporting rule change the role of a CISO within an organization?

___________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

📺 https://www.youtube.com/@itspmagazine

Be sure to share and subscribe!

___________________________

Resources

___________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

The word “cloud” is often uttered up in an almost reverent tone by anyone even tangentially affiliated with the IT world. A big reason for this is because cloud computing has been a tremendous boon for all manner of institutions. Getting away from on-prem servers has reduced cost and increased the speed at which organizations operate as well as the amount of data and applications that can be used to add value. But there is a tremendous amount of complexity in the cloud. With so many developers working in the cloud, there are also many potential access points and, therefore, security vulnerabilities. Ami Luttwak, the Co-founder and CTO of Wiz, explains how cloud complexity increases risks to security.

Main Takeaways

• The Promise and Problem With the Cloud: Use of the cloud can add value to organizations. For instance, the cloud can potentially decrease cost and promote efficiency. It also adds complexity and possible access points. For bad actors, this sort of complexity creates openings to infiltrate systems in order to achieve their malevolent ends.
• Asking the Question Differently: To innovate, sometimes it’s a matter of just asking a question differently. Also, asking the question simply can be helpful too. That said, it may only appear to be an elemental question after it has actually been answered. Wiz asked the basic question: are your cloud databases exposed? Solving this problem has allowed the company to make an impact in cloud security.
• MVP Plus Scale: In startup circles, it makes sense to get an MVP out ASAP. Luttwak suggests that startups must create MVPs that also have the capacity to scale. If they do so, they will save time and put their companies in a better position down the line.

IT Visionaries is brought to you by the Salesforce Platform - the #1 cloud platform for digital transformation of every experience. Build connected experiences, empower every employee, and deliver continuous innovation - with the customer at the center of everything you do. Learn more at salesforce.com/platform