Episode Details

DHS Releases Strategic Principles for Securing the Internet of Things

• https://www.dhs.gov/sites/default/files/publications/Strategic_Principles_for_Securing_the_Internet_of_Things-2016-1115-FINAL....pdf
• These seem to be the same principles that we have been saying for all software (web, mobile, etc.)
• NIST also has a more generic publication 800-160
• What is the implication for the enterprise?
• Do we prioritize anything differently as a result

• Is the marketplace “broken?”
• If “we’ve told people before” but “they didn’t listen,” does that actually mean they are wrong?
• This is an area where we need to think about what we’re actually asking for
• http://thehill.com/policy/cybersecurity/306418-house-subcommittee-chair-regulation-of-internet-connected-devices-not

Facebook buys black market passwords to keep your accounts safe

• Password reuse is the single greatest cause of harm? Really?
• Sounds too much like a lab experiment, rather than a legitimate use of capital
• https://www.cnet.com/news/facebook-chief-security-officer-alex-stamos-web-summit-lisbon-hackers/

Michael just got back from Boston, hosting a CISO Leadership Conferences. We discuss the trends that came up…

https://www.klogixsecurity.com/blog/boston-ciso-summit-recap  

→ just the trends…

• Importance of a shared vision between the business and information security
• Placing a higher value on skillsets vs. specific certifications/experience when seeking team members
• How to enable the business and minimize asset loss
• Creating a roadmap and measuring metrics/progress
• Importance of reputational risk within an organization
• Educating the board on your roadmap progress and threats, while keeping communication functional
• Many organizations are placing a higher value on selecting the right cyber insurance
• Chall