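"Cost-Effective Strategies for Overcoming the Cybersecurity Poverty Line Using People, Process, and Technology.pdf" was shared by a member and can be read online. For more material related to "Cost-Effective Strategies for Overcoming the Cybersecurity Poverty Line Using People, Process, and Technology.pdf" (46 pages, premium edition), search on 三个皮匠报告.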
Overcoming the CyberSecurity Poverty Line
Cost Effective Strategies Using People, Process, and Technology

Robert Wagner
Mr_Minion
Mr_Minion infosec.exchange
Advisory CISO
Advisory CISO/Managing Director
Community
Hak4Kidz Co-Founder
ISSA Chicago Board
Chicago CISO of the Year
BurbSec
BSides312

Do me a favor?
Take pictures
Post to social

Introduction
Small Businesses Keep Making the Same Mistakes Large Enterprises Made 20 Years Ago
I Wrote This Talk Because

Cyber Security Poverty Line
The line below which an organization cannot be effectively protected - much less comply with - security regulations.
Wendy Nather, 2010

Money
Expertise
Capability
Influence
Primary Hurdles

Understanding the Impact on Small Business
Attacks targeting Small-to-Medium Enterprises comprised 46% of all attacks in 2021 - Verizon Breach Report 2021
Cyberattacks cost SMEs an average of $200,000 per firm. and 60% of (SME) victims go out of business within 6 months. Hiscox Insurance

Where Do We Start?
Too Much Focus on Technology

People
Talent is Hard to Find - Is it really, though?
Consider Non-traditional approaches to hiring

Speaks in Business Terms
Experienced in Incident Response
Understands Compliance
Creates Realistic Risk and Vulnerability Objectives
Here's What To Look For
Virtual CISOs

Hire a Few Strategic Leads
Target of Empathy & Mentorship
Run interference for Business Politics
Lead by Example

Create a Low Cost Army
Interns
Temp-to-Hire
Entry Level Hires

Nurture Talent
Stop Chasing Unicorns
Create a Culture of Mutual Mentorship and Sharing
Train them so well that they could leave
Treat them so well that they stay
Help Justify Their Training to the Business
They usually don't know the right language
Encourage Participation in the InfoSec Community
Look for talent in existing employees
From Within and Without

How to Nurture Talent
Use Neutral Language
Words like self-reliant or le