State of Security, by Access Point Consulting, brings together seasoned experts in the fields of security consulting, regulatory compliance, and security operations. Whether you’re a business leader, IT professional, or security enthusiast, this podcast offers valuable insights and actionable advice.

State of Security, by Access Point Consulting, brings together seasoned experts in the fields of security consulting, regulatory compliance, and security operations. Whether you’re a business leader, IT professional, or security enthusiast, this podcast offers valuable insights and actionable advice.

State of Security, by Access Point Consulting, brings together seasoned experts in the fields of security consulting, regulatory compliance, and security operations. Whether you’re a business leader, IT professional, or security enthusiast, this podcast offers valuable insights and actionable advice.

State of Security, by Access Point Consulting, brings together seasoned experts in the fields of security consulting, regulatory compliance, and security operations. Whether you’re a business leader, IT professional, or security enthusiast, this podcast offers valuable insights and actionable advice.

--------------------

Assess, design, and implement your cybersecurity strategy.

Learn more at www.accesspointconsulting.com.

State of Security, by Access Point Consulting, brings together seasoned experts in the fields of security consulting, regulatory compliance, and security operations. Whether you’re a business leader, IT professional, or security enthusiast, this podcast offers valuable insights and actionable advice.

--------------------

Assess, design, and implement your cybersecurity strategy.

Learn more at www.accesspointconsulting.com.

State of Security, by Access Point Consulting, brings together seasoned experts in the fields of security consulting, regulatory compliance, and security operations. Whether you’re a business leader, IT professional, or security enthusiast, this podcast offers valuable insights and actionable advice.

--------------------

Assess, design, and implement your cybersecurity strategy.

Learn more at www.accesspointconsulting.com.

Takeaways

• Identify and assess the risks associated with third-party vendors and suppliers
• Build strong relationships with critical vendors and continuously monitor their security posture
• Understand the risks associated with the third parties used by your own third parties
• Use tools like BitSight and UpGuard for scanning and monitoring vulnerabilities
• Have management support, clear roles and responsibilities, and a focus on security posture

Chapters

00:00 Introduction and the Importance of Identifying Third Parties

03:02 Defining Supply Chain Risk Management

09:44 The Risks of Shadow IT Vendors

13:28 Building Relationships with Critical Vendors

17:18 The Challenges of Fourth-Party Risk Management

20:09 Tools for Scanning and Monitoring Vulnerabilities

23:03 Key Recommendations for CISOs and CIOs

Summary

In this episode of State of Security, Geoff Hancock discusses cyber threat intelligence with guests Mike Rush and Evie Manning. They define cyber threat intelligence as data that is collected, processed, and analyzed to understand threat actors, their motives, targets, and behaviors. They emphasize the importance of making intelligence actionable and highlight the different levels of threat intelligence, from strategic trends to tactical actions. The guests also discuss the impact of cyber intelligence on supply chain security and how it can be used to proactively protect businesses. They stress the need for collaboration and communication between different cybersecurity disciplines and the importance of relevant and contextual data in cyber intelligence.

Takeaways

• Cyber intelligence is data that is collected, processed, and analyzed to understand threat actors, their motives, targets, and behaviors.
• Making intelligence actionable is key, as it allows organizations to make informed decisions and take proactive measures to resolve issues and prevent future attacks.
• Cyber threat intelligence encompasses a broad range of information, from strategic trends to tactical actions, and helps organizations identify relevant threats and prioritize their security efforts.
• Cyber intelligence plays a crucial role in supply chain security, as it helps organizations identify and mitigate risks in their supply chain and protect their customers.
• Collaboration and communication between different cybersecurity disciplines, such as vulnerability management, incident response, and threat hunting, are essential for effective cyber intelligence.
• Small and medium businesses can start building their cyber intelligence capabilities by conducting an internal assessment of their assets, risks, and vulnerabilities, and then seeking relevant and contextual data from trusted sources.

Chapters

00:00 Introduction to Cyber Intelligence

04:38 Different Levels of Threat Intelligence

07:28 Cyber Intelligence in the Context of Small and Medium Businesses

10:43 The Importance of Supply Chain Security

26:52 Building Cyber Intelligence Capabilities for Small and Medium Businesses

Summary

This episode focuses on governance, risk, and compliance (GRC) and how organizations can strengthen their GRC programs.

Key recommendations include:

1. Ensure executive buy-in and support for GRC initiatives.
2. Review and update policies, procedures, and documentation regularly.
3. Implement continuous monitoring and improvement of GRC processes.
4. Incorporate GRC elements into contracts with third parties.
5. Conduct regular internal and third-party risk assessments.
6. Provide security awareness training to employees.
7. Consider the impact of AI on GRC, but maintain a human element in the process.

Chapters

00:00 Introduction

03:21 The Importance of Resilient GRC

08:33 Challenges and Failures in GRC

25:58 Executive Buy-In and Documentation

30:38 Continuous Monitoring and Improvement

35:24 Strengthening GRC Programs

Summary

During HIMSS24 in Orlando, Access Point highlighted the importance of operational resilience and incident response in healthcare. Led by Geoff Hancock, the session addressed the increase in data breaches and the need for proactive cyber resilience. Panelists emphasized the shift to proactive cybersecurity, the role of AI and machine learning, key elements of an incident response plan, and collaboration between teams. Executives were noted for their oversight during breaches, and the evolving role of the C-suite in prioritizing cyber resilience was emphasized. Effective communication to the C-suite and board of directors, along with balancing innovation with privacy and compliance, were also discussed.

Takeaways

• Operational resilience and incident response are crucial in the healthcare industry due to the increasing number of data breaches.
• A proactive approach to cybersecurity is necessary, with a focus on having a plan and being able to withstand and manage through an attack.
• AI and machine learning play a role in cybersecurity, but there is a need for continuous testing and governance to prevent manipulation of outcomes.
• Key elements of a healthcare organization's incident response plan include team collaboration, incident classification, detection and analysis tools, recovery and retention strategies, and involvement of executives.
• Collaboration between the CISO, engineering, and IT teams is crucial for creating a strong security posture.
• Executives in hospital administration play a role in providing oversight and managing through a breach.
• The C-suite's understanding and prioritization of cyber resilience are evolving.
• Budgeting and prioritization are important for implementing effective cybersecurity measures.
• Effective communication and reporting to the C-suite and board of directors are essential.
• Balancing the adoption of innovative technologies with patient privacy and regulatory compliance is a challenge.

Chapters

00:00 Introduction and the Need for Proactive Cyber Resilience

06:22 Understanding the Operational Side of Cyber Resilience

09:10 Key Elements of a Healthcare Organization's Incident Response Plan

24:27 Collaboration between CISO, Engineering, and IT for Strong Security

26:54 The Evolving Role of the C-Suite in Understanding Cyber Resilience

29:51 Budgeting and Prioritization for Effective Cybersecurity

33:13 Effective Communication and Reporting to the C-Suite and Board

36:08 Balancing Innovation and Patient Privacy in Healthcare