One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 1495742 |
| Date de publication | 2019-12-03 17:12:11 (vue: 2020-01-03 15:00:04) |
| Titre | NBlog Dec 3 - infosec driving principles |
| Texte | In an interview for CIO Dive, Maersk's recently-appointed CISO Andy Powell discussed aligning the organization with these five 'key operating principles': "The first is trust. The client has got to trust us with their data, to trust us to look at their business. So we've got to build trust through the cybersecurity solutions that we put in place. That is absolutely fundamental. So client trust, client buy-in has been fundamental to what we tried to drive as a key message. The second is resilience. Because you've got to have resilient systems because clients won't give you business if you're not resilient ... The third really is around the fact that security is everybody's responsibility. And we push that message really hard across the company … be clear about what you need to do and we train people accordingly. ...The fourth one really is accountability of security and I have pushed accountability for cyber risk to the business. ... And the final piece, and this has been one of the big call outs of my team to everybody, is that security is a benefit, not a burden. The reason I say that is people's perception is that security will slow things down, will get in the way ... the reality is that if you involve security early enough, you can build solutions that actually attract additional clients."Fair enough Andy. I wouldn't particularly quarrel with any of them, but as to whether they would feature in my personal top-five I'm not so sure. Here are five others they'd be competing against, with shipping-related illustrations just for fun:Governance involves structuring, positioning, setting things up and guiding the organization in the right overall direction - determining then plotting the optimal route to the ship's ultimate destination, loading up with the right tools, people and provisions. Corporate governance necessarily involves putting things in place for both protecting and exploiting information, a vital and valuable yet vulnerable business asset;Information is subject to risks that can and probably should be managed proactively, just as a ship's captain doesn't merely accept the inclement weather and various other hazards but, where appropriate, actively mitigates or avoids them, dynamically reacting and adjusting course as things change;Flexibility and responsiveness, along with resilience and ro |
| Envoyé | Oui |
| Condensat | and the about absolutely accept accordingly accountability across actively activities actually additional adjusting against ahead aligning allowing along andy anticipated any apparently appointed appropriate are around arrangements asset;information assurance attract auditing available avoid avoids because becomes been below benefit best big blend both build burden business but buy call can capabilities captain central certificate change;flexibility cio ciso clear client clients company competing confidence corporate correlates could course cyber cybersecurity data dec demonstrates destination determining device difficult direction discussed dive doesn down drive driving dynamically early enough even everybody exploiting extent fact fair faith fast feature final first five fourth fun:governance fundamental further get give gives got governance grows guiding had hadn hands hard has have hazards helm here his hull iceberg icy illustrations implies importance improvements inclement including information infosec instrument interview involve involves isn just key knowledge largely leadership leave loading look maersk make managed management mariner master maturity maybe merely message mitigates monitoring more motivation nblog necessarily need night nimble not novel occur one open operating opportunities optimal options order organization ornament;assurance other others outs overall oversight particularly parties people people: perception personal piece place plotting port: positioning powell present principles proactively probably product progress protecting provisions push pushed put putting quality quarrel quite rather reacting reality really reason recently related remain resilience resilient resources responsibility responsiveness reviewing right ripped risk risks robustness route say seas seaworthiness second security setting sextant ship ship;making shipping should situations skills slow solutions steaming steer strongly structuring subject supports supposedly sure systems team technology testing than them then these they things third thought through ticket titanic tool tools top train tried trust turned ultimate unsinkable valuable various vessel vital vulnerable way weather well weren what whatever where whether will within won would wouldn yet you |
| Tags | Tool Guideline |
| Stories | NotPetya |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.