7 Security and Compliance Tips From ISC2 Security Congress


During Cybersecurity Awareness Month, thousands of cyber experts from across the globe convened in Las Vegas for the ISC2 Security Congress 2024 to discuss industry challenges and best practices — including strategies for reducing business risks and minimizing uncertainty in their operations.

Ralph Villanueva was one of those cyber professionals who offered advice to audiences. An IT security and compliance expert at Hilton Grand Vacations, he riffed on the popular business self-help book “7 Habits of Highly Effective People” for his presentation, distilling best practices into 7 habits and detailing how they fit into day-to-day work.

The 7 habits of effective IT security and compliance professionals

The habits Villanueva highlighted include:

  1. Understanding your enterprise’s business mission, vision, and objectives. Instead of focusing on your role, get everyone on board with one mission.
  2. Continuously studying the internal and external IT environment and risks of your enterprise.
  3. Knowing the key players in your enterprise. Some employees may dismiss this as “playing politics,” Villanueva said, but it’s important to know who to go to for budget needs or other requests.
  4. Understanding your strengths and weaknesses, and recognizing when to ask for help.
  5. Learning to communicate the technical requirements of compliance. Help coworkers and stakeholders from other parts of the business understand why those requirements are important.
  6. Accepting the reality of your job, which means expecting and having plans for pushback. “Some people will unfairly look at the security policies and the data governance policies we put in place and say it’s an unnecessary burden. Ironically, that includes some of the key officers of the company,” Villanueva said.
  7. Adopting a proactive, positive attitude — and remembering that you can make a difference in your organization. “It [a positive attitude] will not get the work done, but it will help you be a better IT security audit and compliance professional,” Villanueva added.

What roadblocks stand in the way for security and compliance professionals?

These recommendations can help security and compliance professionals overcome common roadblocks, Villanueva said. Obstacles can include the “silo” nature of business, in which different departments see security as “IT’s problem.”

As Villanueva explained, the sales department may aim to reduce what they perceive as friction in certain processes. Meanwhile, IT may think some friction helps keep those processes safe. Similarly, employees both inside and outside tech roles may fixate on functionality instead of looking at the big picture.

“Some companies have a piecemeal approach to updating their servers, their endpoints, their databases,” Villanueva said.

SEE: At ISC2 Security Congress, SentinelOne CISO Alex Stamos named sophisticated threat actors as the most pressing concern for cybersecurity professionals today.

Additionally, board members and executives may not prioritize cybersecurity.

Relying too much on technology can also be detrimental to a business. Security and compliance professionals must understand that over-reliance on technology itself might be damaging. Villanueva highlighted cases such as the CrowdStrike outage in July and lawyers being penalized for using ChatGPT as relevant examples of overreliance on technology.

How to apply the 7 habits in your business

Villanueva emphasized that instead of focusing on day-to-day challenges, security and compliance professionals should consider the big picture. He reminded attendees of the importance of the old business staple: the “three-legged stool” of people, process, and technology.

Villanueva suggested one solution to the problem of groups being siloed at work is to have meetings more often. “For some, meetings are a waste of time, but meetings are really important to getting everyone on board,” he said.

He recommended getting as much board engagement as possible. One day, Villanueva predicted, public companies may be mandated to have an AI expert on the board. The SEC considered mandating a cybersecurity expert be on boards of directors of public companies as of 2022. However, it retracted the proposal by 2023.

Finally, Villanueva reminded security and compliance professionals to monitor third-party risk. In one gaming establishment, he said, threat actors walked away with a pot of personally identifiable information — because they were able to break in through a third-party vendor managing a fish tank.

Disclaimer: ISC2 paid for my airfare, accommodations, and some meals for the ISC2 Security Congress event held Oct. 13 – 16 in Las Vegas.
