Is your cybersecurity strategy truly protecting your business, or just checking boxes? In today’s fast-paced digital landscape, threats evolve faster than updates, and staying compliant can feel like a maze.
In this episode of the Cyber Consulting Room podcast, host Gordon Draper speaks with Chris Hows, Principal Governance, Risk, and Compliance (GRC) Consultant at Mercury Information Security Systems. Chris shares his unconventional journey into cybersecurity, emphasizing the importance of GRC in enhancing organizational cybersecurity. He discusses the significance of understanding various standards, risk management, and aligning security controls with business objectives. Chris also highlights the challenges of compliance, the necessity of tailoring GRC frameworks to specific needs, and offers practical advice for aspiring cybersecurity professionals. The episode provides valuable insights into the critical role of GRC in cybersecurity.
In This Episode:
- (00:28) Chris's journey into cybersecurity
- (01:14) Educational path to GRC
- (02:07) Advice for aspiring cybersecurity professionals
- (02:54) Defining governance, risk, and compliance
- (04:19) Understanding compliance challenges
- (14:39) Benefits of the ASD essential framework
- (16:30) Challenges of implementing ISO frameworks
- (17:40) Understanding control intent
- (22:44) Zero trust principle
- (24:14) Identifying cybersecurity risks
- (29:47) Shared responsibility model
- (39:33) Software compliance and updates
- (41:11) Regulatory evolution in cybersecurity
- (42:18) Accountability for cybersecurity
- (43:37) Best practices for compliance
- (45:17) Intent behind compliance frameworks
Notable Quotes
- [05:10] “If you just try to tick a box, potentially you might actually miss one of the core foundational things of what you're trying to do.” - Chris
- [11:42] “Each business does need to sit down and decide how much risk is appropriate for them based on their context and based on how much they're potentially able to lose.” - Chris
- [21:19] “You really need to understand what your threat is and tailor your risk assessment and controls to your needs.” - Chris
- [24:14] “Phishing is so insidious because it’s very simple to double-click on that document someone sent you, and then the game’s already over.” - Chris
- [37:02] “Privacy is an ever-increasing area of regulation. In Australia, it's being looked at again, and we might see something like GDPR coming in the future.” - Chris
- [45:17] “A lot of the things that I've seen is, what would a reasonable person do? If it was your information, would you be happy with these controls in place?” - Chris
Resources and Links
Cyber Consulting Room
Gordon Draper
- https://cybermarket.com/
- https://www.linkedin.com/in/gordondraper/
Chris Hows
- For more episodes like this visit https://cyberconsultingroom.com
- You can find more information about Cyber Consulting Room Podcast Host at https://www.linkedin.com/in/gordondraper/
Popular Podcasts
United States of Kennedy
United States of Kennedy is a podcast about our cultural fascination with the Kennedy dynasty. Every week, hosts Lyra Smith and George Civeris go into one aspect of the Kennedy story.
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com