Here is a quick five-minute video of highlights from CISO Series Video Chat: “Hacking Data First Security: An hour of critical thinking about focusing your security program on data.”
Our guests for this discussion were:
- Brian Vecci (@BrianTheVecci), field CTO, Varonis
- Mario DiNatale (@MarioGDiNatale), CISO, Odyssey Group
Got feedback? Join the conversation on LinkedIn.
HUGE thanks to our sponsor Varonis
Best Bad Idea
Congrats to Bryn Standley-Ossa, customer success manager, Elevate Security for winning this weeks’s Best Bad Idea.
Other honorable mentions go to:
“Store all data in a honeypot.” – Joshua Bregler, security architect, AWS
“Deploy a data jury and require every employee justify each time they need access to any data.” – Bryn Standley-Ossa, customer success manager, Elevate Security
“Keep as little data as possible.” – Joshua Bregler, security architect, AWS
10 percent better
“Build a better internal marketing plan for your Data Governance objective. All customers play a roll, technology won’t solve all it. Better marketing sells your customers on the idea vs forcing the idea on them.” – Parker Brissette, head of information security, Colorado Judicial Branch
“Deploy honey tokens/fake files in all sensitive data stores starting with the highest classification level and get better at detecting insider threats.” – Jean-Michel Amblat, information security
Quotes from the chat room
“The key is understand the business and that will show the way to the access. I think there is a break where many don’t understand the business and its workflows.” – Cliff Ziarno, business information security leader – Strategic Advisor, CZ Consulting Services
“Ideally, asset tagging should be done first past with scanning tools and then people adjust the tags as needed. Algorithms can find CC and SSN numbers in documents with fairly good accuracy.” – Duane Gran, director, information systems and security, Blue Ridge ESOP Associates
“In my observations, SSNs are never just in isolation. Even a list will on some level be an ordered list that can be combined with some other data set to connect the dots.” – Duane Gran, director, information systems and security, Blue Ridge ESOP Associates