How fortified is the business to withstand cyberattacks? Can it absorb the impact of the inevitable hits? Would understanding the business’ level of resilience provide the appropriate guidance for our security program?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Anne Marie Zettlemoyer, vp, security engineering and divisional security officer, MasterCard.
Got feedback? Join the conversation on LinkedIn.
Thanks to this week’s podcast sponsor, Castle
On this episode of Defense in Depth, you’ll learn:
- Resiliency allows the business to perform in conjunction with risk.
- A conversation about resilience forces security to think about business processes and the criticality of each one to the business’ ability to sustain itself.
- We’re forcing ourselves to think proactively when we have no choice but to react, hopefully automatically. Disaster recovery (DR) and business continuity planning (BCP) come into play here.
- There’s a concern that of the CIA (confidentiality, integrity, and availability) triad, “integrity” doesn’t have enough outside forces to insure its credibility.
- While security teams may just be coming up to speed, or are just thinking of resiliency, the business has been thinking about it since day one of becoming a business. If security begins thinking this way, they will be more in alignment with the business.
And here are some items Anne Marie mentioned at the end of the show:
Creative Commons photo attribution to Flickr user Roberto Saltori.