The Enemy of My Enemy is My Friend: The Unification of the CSO and CISO

Security Boulevard – Ontic
One of our advisors once said that cyber teams use bits to protect bits, while physical security teams use bits to protect atoms. The differences in how cyber and physical teams apply their tradecraft are enormous. If you were to research the history of insider threats and related risk mitigation techniques, you might assume that insider threats are strictly a cyber problem that can only be solved by cybersecurity teams, using their dedicated strategies and tools. After all, cyber is widely regarded as a safe and necessary investment, and it requires less scrutiny to obtain a realistic operating budget. Currently, there are about 1 million cybersecurity workers in the US alone, with approximately 700K positions yet to be filled. According to the Cyber Research Databank, there are over 3500 cybersecurity vendors globally.

How do we unify the approach? While the general perception continues to reinforce the rumor that cyber owns insider risk mitigation, we are seeing an interesting evolution occur right before our eyes, in which CSOs and their supporting intelligence teams are not only joining in but in some cases leading the fight against insider threats. To fight this battle effectively, we need both cyber and physical security teams to join forces, work together and agree on the most appropriate strategy for their organization. Remember – the majority of the required data, tools and security leaders already exist in your company today. So we must ask ourselves:

This is why a proper physical threat-hunting program must complement and interface with your digital threat-hunting operations. Cyber threat hunting is key, yet it alone will not allow your teams to understand the bigger picture of the risk landscape, nor take the most appropriate action.

According to Brian Allen, an ESRM evangelist, “When ESRM principles are applied, the security function changes completely – from a set of tasks, performed discretely, to a role. ESRM means security decisions are made by the right person, with the right authority and accountability, and for the right reasons – reasons based on defined risk principles.”
Link: https://securityboulevard.com/2023/02/the-enemy-of-my-enemy-is-my-friend-the-unification-of-the-cso-and-ciso/