Navigating Cybersecurity for CIOs: Tailored Approaches for Different Sectors by Dan Lohrmann and Bikash Barai

In this discussion, Dan Lohrmann highlights the value of diverse expertise and scenario-based planning in cybersecurity tabletop exercises. He stresses involving key leadership roles from across the enterprise, notes that scenarios should be tailored to the sector being exercised (hospitals, government, banks), and recommends resources such as NIST for structuring tabletop drills.


Here is the verbatim discussion:

So CIOs, chief information officers, also, you know, different, different types of experts in business areas. So whatever, you know, who knows which area might be hit? Last year the biggest area in the US was hospitals. So if this was a hospital tabletop, you know, the scenarios for doctors might be slightly different than it might be for a government, or if it's for a bank, it could be different. You know, what are the different functions? Maybe it hits one part of the bank and maybe not another part of the bank. So you want, you know, you want to make sure those leadership roles from all across the enterprise are there at the table. And that's really important, you know, getting them involved. The other thing is you want to make sure that as you're putting together your scenarios, and I would just recommend go to, in the USA, I don't know other parts of the world as well. I know the UK and USA very well, but NIST is a great place to go.


Highlights:

Diverse Expertise: The discussion stresses the inclusion of CIOs, experts from different business areas, and sector-specific professionals in cybersecurity tabletop exercises to ensure a holistic approach to threat preparedness.

Tailored Scenarios: Scenario planning accounts for the unique vulnerabilities and functions of different sectors, such as hospitals, government agencies, or banks, enabling targeted preparation and response strategies.

Leadership Involvement: Key decision-makers from across the enterprise should participate in tabletop exercises to gain insights into cybersecurity challenges and foster a proactive organizational culture.

Resource Recommendation: NIST (National Institute of Standards and Technology) is highlighted as a valuable resource for structuring tabletop exercises, offering comprehensive guidelines and frameworks for effective cybersecurity planning.

As organizations navigate an increasingly complex cybersecurity landscape, the insights shared underscore the importance of proactive preparation through scenario-based tabletop exercises. By involving diverse expertise and leadership roles from various sectors, organizations can enhance their readiness to address sector-specific threats and vulnerabilities. Leveraging resources like NIST facilitates the structured development of tabletop drills, ensuring comprehensive risk assessment and mitigation strategies. Ultimately, these exercises serve as invaluable tools for strengthening organizational resilience and response capabilities in the face of evolving cyber threats.


Speakers:

Dan Lohrmann is an esteemed cybersecurity expert and Field Chief Information Security Officer (CISO) for Presidio, celebrated for his impactful career across both public and private sectors. With beginnings at the National Security Agency and roles at Lockheed Martin and ManTech, he has been recognized as CSO of the Year among other accolades. Dan is also a prolific author and speaker, sharing insights on cybersecurity and technology modernization through his award-winning blog and publications.

https://twitter.com/govcso

https://www.linkedin.com/in/danlohrmann/


Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in the USPTO. Fortune recognized Bikash among India's Top 40 Business Leaders under the age of 40 (Fortune 40-under-40). Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx, etc.

Earlier he founded iViZ, an IDG Ventures-backed company that was later acquired by Cigital and is now part of Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.


https://twitter.com/bikashbarai1

https://www.linkedin.com/in/bikashbarai/
