Podcasting
Advertisers
Enterprise
Pricing
Resources
Discover Discover

Log in
Sign up free

CISO Tradecraft®

#116 - A European view of CISO responsibilities (with Michael Krausz)

2023-02-13

In the US we often focus on SOC-2, NIST Special Pubs, and the Cybersecurity Framework. In Europe (and most of the rest of the world), ISO 27001 is the primary standard. ISO concerns itself with policy, practice, and proof, whereas NIST often shows the method to follow. Michael points out that a CISO is responsible for governance, (internal) consulting, and audit. In early stages of growing a security function, a CISO needs to be technically-focused, but as a security department matures, the CISO must be organizationally-focused. Also, to...

In the US we often focus on SOC-2, NIST Special Pubs, and the Cybersecurity Framework. In Europe (and most of the rest of the world), ISO 27001 is the primary standard. ISO concerns itself with policy, practice, and proof, whereas NIST often shows the method to follow. Michael points out that a CISO is responsible for governance, (internal) consulting, and audit. In early stages of growing a security function, a CISO needs to be technically-focused, but as a security department matures, the CISO must be organizationally-focused. Also, to effectively grow your team, first determine what actions need to take place, how much effort it requires, and how often it needs to take place. Then, build an action sheet and collect data for three months. Finally, take that to your executives and document your requirements for more staff.

Michael Krausz LinkedIn Profile: https://www.linkedin.com/in/michael-krausz-b55862/

Michael Krausz Website: https://i-s-c.co.at/

Full Transcript: https://docs.google.com/document/d/13fghym7IWyPvuRANQXUvmv-ulkSj93xv

Chapters

00:00 Introduction
04:01 Is there a Gap Analysis in ISO 27001?
08:05 Is there a Requirement for ISO Standards?
10:57 What is ISO 27001?
13:11 Is there a Parallel Development between the US and EU?
16:57 Do you want to be a trooper?
21:17 What's the Oldest Operating System?
23:09 Is there a Legacy Operating Systems that you can't get away with?
24:11 The Most Important Class for a CISO
26:33 The Secrets of a Successful CISO
29:30 CISO - I need 6 people period
33:40 What's the Primary Skill Needed in a CISO?
37:41 How to Maximize the Number of FTEs

View more

Comments (3)

More Episodes

You may also like

TheQuartering’s Podcast

MPIR Old Time Radio

Ham Radio Crash Course Podcast

All-In with Chamath, Jason, Sacks & Friedberg

Elliot in the Morning

Lex Fridman Podcast

The Ultimate Art Bell Podcast Feed

The Wheel of Time

Darknet Diaries

Get this podcast on your phone, Free

Create Your Podcast In Minutes

Full-featured podcast site
Unlimited storage and bandwidth
Comprehensive podcast stats
Distribute to Apple Podcasts, Spotify, and more
Make money with your podcast

It is Free

Podcast Services
MONETIZATION & MORE
KNOWLEDGE BASE
Support
Podbean

Privacy Policy
Cookie Policy
Terms of Use
Consent Preferences
Copyright © 2015-2025 Podbean.com