Is your cybersecurity strategy truly protecting your business, or just checking boxes? In today’s fast-paced digital landscape, threats evolve faster than updates, and staying compliant can feel like a maze.
In this episode of the Cyber Consulting Room podcast, host Gordon Draper speaks with Chris Hows, Principal Governance, Risk, and Compliance (GRC) Consultant at Mercury Information Security Systems. Chris shares his unconventional journey into cybersecurity, emphasizing the importance of GRC in enhancing organizational cybersecurity. He discusses the significance of understanding various standards, risk management, and aligning security controls with business objectives. Chris also highlights the challenges of compliance, the necessity of tailoring GRC frameworks to specific needs, and offers practical advice for aspiring cybersecurity professionals. The episode provides valuable insights into the critical role of GRC in cybersecurity.
In This Episode:
- (00:28) Chris's journey into cybersecurity
- (01:14) Educational path to GRC
- (02:07) Advice for aspiring cybersecurity professionals
- (02:54) Defining governance, risk, and compliance
- (04:19) Understanding compliance challenges
- (14:39) Benefits of the ASD essential framework
- (16:30) Challenges of implementing ISO frameworks
- (17:40) Understanding control intent
- (22:44) Zero trust principle
- (24:14) Identifying cybersecurity risks
- (29:47) Shared responsibility model
- (39:33) Software compliance and updates
- (41:11) Regulatory evolution in cybersecurity
- (42:18) Accountability for cybersecurity
- (43:37) Best practices for compliance
- (45:17) Intent behind compliance frameworks
Notable Quotes
- [05:10] “If you just try to tick a box, potentially you might actually miss one of the core foundational things of what you're trying to do.” - Chris
- [11:42] “Each business does need to sit down and decide how much risk is appropriate for them based on their context and based on how much they're potentially able to lose.” - Chris
- [21:19] “You really need to understand what your threat is and tailor your risk assessment and controls to your needs.” - Chris
- [24:14] “Phishing is so insidious because it’s very simple to double-click on that document someone sent you, and then the game’s already over.” - Chris
- [37:02] “Privacy is an ever-increasing area of regulation. In Australia, it's being looked at again, and we might see something like GDPR coming in the future.” - Chris
- [45:17] “A lot of the things that I've seen is, what would a reasonable person do? If it was your information, would you be happy with these controls in place?” - Chris
Resources and Links
Cyber Consulting Room
Gordon Draper
- https://cybermarket.com/
- https://www.linkedin.com/in/gordondraper/
Chris Hows
- For more episodes like this visit https://cyberconsultingroom.com
- You can find more information about Cyber Consulting Room Podcast Host at https://www.linkedin.com/in/gordondraper/
Popular Podcasts
Las Culturistas with Matt Rogers and Bowen Yang
Ding dong! Join your culture consultants, Matt Rogers and Bowen Yang, on an unforgettable journey into the beating heart of CULTURE. Alongside sizzling special guests, they GET INTO the hottest pop-culture moments of the day and the formative cultural experiences that turned them into Culturistas. Produced by the Big Money Players Network and iHeartRadio.
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.