
Is Cybersecurity a Technology Risk or a Business Risk
About this listen
Mark Nicholls discusses how to integrate cybersecurity throughout the development lifecycle rather than treating it as an afterthought handled through pre-go-live penetration testing. He explains that embedding security into early design phases requires both leadership commitment and proper resource allocation to overcome the natural friction between IT and security teams.
• Moving security activities earlier in the development lifecycle is crucial for effectiveness
• DevSecOps implementation remains relatively rare, especially in larger legacy organizations
• Many security teams lack capacity to participate in early design stages
• Where a CISO reports indicates organizational security maturity
• Less mature companies have CISOs reporting to CIOs, treating security as just a tech issue
• More mature organizations position CISOs outside IT, reporting to CEO or board
• Business risk assessment should be the ultimate measure of security effectiveness
• Australia's "Essential Eight" provides practical baseline controls compared to NIST or ISO
• Regulatory requirements for breach reporting are increasing globally
You can find Mark Nicholls on LinkedIn or at informpros.com for any questions or follow-ups.
Josh's LinkedIn