The Art and Science of Being a CISO (PDF, 27 pages)
The Art and Science of Being a CISO
Ira Winkler, CISSP, CISO, CYE

Art or Science?
  Why do so many of Michelangelo's statues look similar?
  Why was the style always similar?
  Why did Da Vinci dissect corpses?
  Picasso's inconsistencies are generally similar
  Is Christo's art unique, or do they just find ways to screw up other art?

What is Mastery?
  Karate Master
    Perfected previous ranks
    Mastered the basics of punching, kicking, and blocking
    Tested through ranks
    Don't get me started on McDojos
  Master Plumber
    Training
    Experience
    Test
  Dive Master
    Training
    Experience
    Testing
    Dive industry: 20 dive skills mastered

Science vs Art
  Art is: expressive, unrepeatable
  Science is: empirical, consistent, REPEATABLE

CISOs Should Be Scientists

What Are CISO Responsibilities?
  People leader
  Budget authority
  Varying levels of executive reporting
  Business leadership
  Ensuring delivery of cybersecurity across necessary domains
  Compliance
  Setting internal standards, policies, and procedures
  Enforcement

How Do CISOs Make Decisions?
  Analysis of available information
  Input from direct reports
  Consideration of strategic goals
  Pain points
  Strategic and tactical failings
  Experience: what worked?

An End of Year Excess Example
  Executive team invited to a meeting to determine how to spend end of year money
  Projects listed out
  Champions argued the merits of each project
  Any other recommendations needed to find out details first
  Leadership team argued the merits of each and balanced the budget
  Everything was intuitive: it was an art, not a science

What Data Can Be Analyzed?
  Internal Data
    Vulnerability scans
    EDR
    Log files
    Reports
    Incident data
    Board reports
    Network maps
    Business data
    Asset inventory
  External Data
    Cloud scans
    CSPM
    External scans
    Log reports
    Vulnerability reports
    Threat intelligence
    Dark web intelligence
    Op