As the CIO and CISO of your organization, what are some of the major things you do to prevent and mitigate a breach?

Top Answer : Get rid of security solutions that don't work and improve your controls.

43 views
4 comments
1 upvotes
Related Tags
Orange Server
Software
Get rid of security solutions that don't work and improve your controls.
0 upvotes
Black Charger
Software
Focus on the tools/software once you have a really solid assessment/visibility into your overall infrastructure (systems, data, processes, people) and associated risks.  Too often organizations try and prevent and mitigate with software/solutions first.
0 upvotes
Red Charger
Educational Services
As good as tools are, at the end of the row is end users. Spend extra time on the weakest link - people.  Educate, Educate, Educate.
1 upvotes
Orange Hard Drive
Educational Services
Automate as much as you can with the right tooling that is capable and that you can trust. Train and educate the humans involved in the whole process. Especially in development, ensure you build Security and Privacy by Design.
0 upvotes
Black Monitor
Software
There are entire books written in response to this question.   But one of the best ways to mitigate the catastrophic effects of a data breach is to get rid of unwanted data.   But this is not a trivial thing. Many companies have been gathering and storing data for decades. They have many methods in ingress, but no method for data elimination. Over time, this can add up to tens of petabytes of data.  An in the event of a breach, all that data is exfiltrated.   Firms that have to deal with GDPR got a head start on this and started eliminating data they no longer needed to collect or store. That way their liability is limited. Firm who don’t have to deal with GDPR may want to take the same approach.
0 upvotes