Community Platform
PRO PROGRAM

Miray Bolukbasi

Interests
  • Cyber-security
This Year
No Points
Total
1078 Points
MIS Badge

Click here
to validate the recipient

KEY COMPONENTS OF A WORLD-CLASS CYBERSECURITY MANAGEMENT PROGRAM

 

Key Components of a World-Class Cybersecurity Management Program

The event was hosted by ISACA and speaker was \\\\\\\’David Klein\\\\\\\’ who is a senior director of product strategy at ProcessUnity. Webinar was online and open for questions.

Mostly we talked about the importance of CISO and how information security jobs at the companies became more important than ever. The speaker talked lot about how coronavirus situation put some pressure on the security departments.

During this session, I learned:

  • The specific requirement of the CISO job such as:
    • Establishing a baseline
    • Committing a control framework
    • Monitoring a single cybersecurity program
    • Creating and executing a schedule
    • Communicating the impact
  • The role of the security officer has changed, it is expected go keep growing and gaining respect at the workplace during 2021 due to COVID-19 facts and regulations.
    • CISO became more enable than disabler nowadays because there was a specific understanding that CISO professionals are always \\\\\\\’no\\\\\\\’ sayers to new digitalizations or new technological developments at the companies because of the safety reasons. Now, companies are aware of the CISO power, because it became a good advantage on competitors. If you have good CISO team and security management, you are ahead of the game when it is related to data privacy.
  • The challenges that CISO experiences:
    • Consultants that engaging with company data but they considered as external employees. The safety of that informations has lots of threats.
    • Lots of cybersecurity tools available in the marketplace. It is a hard decision to decide which one to invest and work on.
  • The steps of defining cybersecurity program:
    • Company data clarification such as: policies, processes, high value assets, third parties, training programs.
    • Risk and control methodologies: threats, and related to threats defining risk and finally standards should be applied on those risk by regulations within organization.
    • Asses, review and monitor tools: specific questionnaires,  control and threat reviews, assessments.
  • Specific organizations that taking caring of nation wide regulations.

As a junior MIS student, this session was full of new and interesting information to me. I met lots of new terms and processes. Since, I didn\\\\\\\’t take my cybersecurity class yet, it was hard for me to catch specific terms related to class work. But overall, the security is always a topic during our major classes. One thing I found related was the demand of cybersecurity nowadays. We had chance to discuss the increasing threats based on more online activity on the web during pandemic. It was a good one to hear some stuff from the speaker as well .

Moving forward, I\\\\\\\’m really happy about what I learned today because cybersecurity is all I want for my future path and how it actually works within the companies was interesting to learn today.

 

Skip to toolbar