Monday Jan 10, 2022
#60 - CISO Knowledge Domains Part 2
One of the most common questions we get asked on CISO Tradecraft is, "What do I need to learn to be a good CISO?" After a lot of reflection, CISO Tradecraft put together a Top 10 list of CISO knowledge domains that we believe are the core skills that produce really good CISOs. This episode continues from the previous episode and covers the 6th through 10th knowledge areas.
- Product Security focuses on ensuring developers write secure code
- Defensive Technologies focuses on creating multiple layers of defenses in an organization to protect against a multitude of attacks
- Detection & Response Capabilities is about creating mechanisms to identify how attackers might circumvent your organization’s defensive technologies
- Laws, Regulations, & Oversight is about ensuring compliance with appropriate laws and regulations
- Enabling Technologies is about enabling businesses to create digital transformation
- Risk Management is about effectively identifying the biggest risks to the company, the likelihood and magnitude of a potential attack, and how to estimate the cost of remediation
- Governance is about understanding what technology your organization uses so you can effectively manage it through a process
- Identity & Access Management is about limiting the scope of an attacker who could cause harm to your organization
- Business Management & Leadership is an essential skill for executives to lead and influence others
- Security Culture is about building an organization where the entire company becomes resilient
https://github.com/cisotradecraft/podcast