Category Archives: C-Level

CEO vs. CISO Mindsets, Part IV: Monte Carlo Breach Cost Modeling for CISOs!

My main goal in this series is to give CISOs insights into CEO and board-level decision making so they can make a winning case for potential data security purchases. In my initial dive last time, I explained how CISOs should quantify two key factors involved in a breach: the frequency of attacks, and then the probability that the breach itself exceeds a certain cost threshold. Knowing these two ingredients (and that there are numbers or…

Wyden’s Consumer Data Protection Act: How to Be Compliant

Will 2019 be the year the US gets its own GDPR-like privacy law? Since my last post in this series, privacy legislation is becoming more certain to pass. Leaders from both parties are now saying they will focus on privacy in 2019. Consider yourself warned! I’ll continue my journey from last time into the Wyden legislation since it’s a good baseline. Sure there are other bills, but they share some common elements. I’ve already discussed Wyden’s…

Wyden’s Consumer Data Protection Act: Preview of US Privacy Law

The General Data Protection Regulation (GDPR) has, for good reason, received enormous coverage in the business and tech press in 2018. But wait, there’s another seismic privacy shift occurring, and it’s happening here in the US. There is now a very good chance that significant data privacy legislation will come to the US soon. I’ll go out on a limb, and say in 2019. But if not next year, then certainly in 2020. Yes, we’ll…

CEO vs. CISO Mindsets, Part III: Value at Risk For CISOs

To convince CEOs and CFOs to invest in data security software, CSOs have to speak their language. As I started describing in the previous post, corporate decision makers spend part of their time envisioning various business scenarios, and assigning a likelihood to each situation. Yeah, the C-level gang is good at poker, and they know all the odds for the business hand they were dealt. For CSOs to get through to the rest of the…

CEO vs. CISO Mindsets, Part II: Breach Risk, Security Investment, and Thinking Like an MBA

In the last post, I brought up the cultural differences between CEOs and CISOs. One group is managing and growing the business, using spreadsheets to game plan various money making scenarios. The other is keeping the IT infrastructure going 24/7, and studying network diagrams while tweaking PowerShell scripts. I think you know which is which. The point of this series is to bridge the divide between these two different tribes. In this post, I’ll be…

CEO vs. CISO Data Security Mindsets, Part I

If you want to gain real insight into the disconnect between IT and the C-levels, then take a closer look at the Cyentia Institute’s Cyber Balance Sheet Report, 2017. Cyentia was founded by the IOS blog’s favorite data breach thinker and statistician, Wade Baker. Based on surveying over 80 corporate board members and IT executives, Cyentia broke down the differing data security viewpoints between CSOs and the board (including CEOs) into six different areas. The…