Defense in Depth is part of the CISO Series network, which can be found at CISOseries.com.

Security for the business affects everyone and all departments. On this episode of Defense in Depth we discuss the values and difficulties of building an information security council.

Check out this post and discussion for the basis of our conversation on this week's episode which is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest is Nick Espinosa (@NickAEsp), host of nationally syndicated show The Deep Dive with Nick Espinosa, and his daily podcast is called Nick's Nerd News Daily. Find Nick on Facebook, YouTube, and his articles on Forbes.

Thanks to this week's podcast sponsor, Fluency Security:

Fluency's correlation and risk scoring technology combined with their approach of using pseudonyms in place of certain PII data greatly facilitates your organization's path towards compliance. Over time, machine learning and artificial intelligence algorithms detect anomalies at an impressive level of scalability. Run Fluency as a standalone or integrate it into your existing SIEM. Learn more by visiting us at booth #4529 at the RSA® Conference 2019. On this episode of Defense in Depth, you'll learn:

• A good starting point for building an information security council is to develop a business continuity and disaster recovery plan with all departments and stakeholders.
• Understand the risk tolerance of each division.
• A well-informed information security council can often benefit from less security training.
• The number one battle to develop an InfoSec council is never technical. It is always cultural.
• Need to create a culture of not shaming people for making mistakes that compromise security. You want employees to feel free to speak up if they do make a mistake.