In this episode of CISO Tradecraft, Andy Ellis from Orca Security stops by to talk about three really hard problems that CISOs have struggled with for decades:
- How do we build a phishing program that works?
- How do we build a third-party risk management program that isn't a paper exercise?
- How do we actually get good at patch management?
Stick around for some great answers such as:
- Human error is a system in need of redesign
- How do we put every employee on an island protected from the company?
- If we stopped doing this practice/process, then how would the world be different?
- What data/transactions does this third party have access to?
- What are all of the dangerous things customers can do in their configurations that my organization needs to know about?
- What if we turned on auto-patching for the desktop?
- What if we set SLA tripwires to alert senior leaders when their developers are unable to meet patching timelines?
References:
- Vulnerabilities Don't Count