Chief Information Security Officer Workshop Training
Microsoft has again created a great CISO workshop, and I would like to reshare it just in case you missed it. Below are the download links for the videos and PDF files, as well as a direct link to watch them.
Videos: to watch them at Microsoft.com, click here.
PDFs: click here.
The Chief Information Security Office (CISO) workshop helps accelerate security program modernization with reference strategies built using Zero Trust principles.
Why should you make time to watch this workshop?
You’ll get actionable advice on how to quickly increase your security program maturity, security posture, and ability to rapidly respond to attacks. These best practices, references, and other guidance are based on real world lessons learned across our customers and from Microsoft’s internal security teams.
Who should watch this workshop?
The workshop is useful for security teams, IT teams, business leaders, and cloud teams, but is primarily focused on:
- CISO + Security Directors – modernize security strategy and program components, integrate security into larger organization.
- CIO + IT Directors – integrate security into technology program, cloud, and other initiatives.
- Enterprise + Security Architects – and other roles with broad strategy/technology responsibilities.
What’s in the workshop?
Guidance on how to align security to continuously changing business priorities, technology platforms, threat landscape, and security tools. The workshop includes reference strategies and plans, lessons learned, and antipatterns/gotchas based on real world projects.
The workshop videos (about 4 hours total) and slides (link to PDF) are organized into these discussions:
- Introduction and Overview of the CISO Workshop
- Part A – Key Context and Fundamentals
  - Trends impacting security from the threat environment, technology, and business transformations
  - Evolution of security roles and responsibilities, including key best practices and trends to monitor
  - Recommended strategy and strategic initiatives to improve your program: the role of Zero Trust in strategy, the (low) cost for attackers to buy tools and passwords, learnings on getting reliable information, and a business analysis of ransomware attacks
- Part B – Business Alignment
  - Engaging business leaders on security – guidance on having a conversation in the language of leaders to explain security, key metrics to measure the success of a program, and how to get support for security goals
  - Risk Insights – discusses the dual mission of security to reduce risk to the organization and enable business goals, shares tips on aligning security goals with business goals and business risk, and shares insights on the types of attacker motivations organizations face
  - Security Integration – guidance for successfully integrating security teams together and integrating security into IT and business processes. This includes an in-depth discussion of how to build a posture management program: an operational team focused on preventive controls, which complements the security operations (SecOps/SOC) team focused on detection, response, and recovery
  - Business Resilience – discusses how business resilience is the north star of the security program across all the security disciplines, which requires balancing security investments (before, during, and after an incident) and creating a strong feedback loop. This also includes a discussion of the impact of unbalanced strategies (a common antipattern)
  - Maturity models describing real-world journeys for Risk Insights, Security Integration, and Business Resilience, including specific concrete actions to help you move up to the next level
- Part C – Security Disciplines
  - Access Control – discusses how the Zero Trust approach is transforming access control, including identity and network access converging into a single coherent approach, and the emergence of the Known-Trusted-Allowed model (which updates the classic authenticated/authorized approach)
  - Security Operations – discusses key leadership aspects of a security operations capability, often called SecOps or a Security Operations Center (SOC), including critical success metrics, key touchpoints with business leaders and functions, and the most important cultural elements
  - Asset Protection – discusses two key imperatives for teams that manage and secure assets (often IT Operations or workload operations in DevOps). These teams must prioritize security work based on business criticality and must strive to efficiently scale security across the large, growing, and continuously evolving set of assets in the technical estate
  - Security Governance – discusses the role of Security Governance as a bridge between the world of business goals and technology, and how this is changing with the advent of cloud, digital, and Zero Trust transformations. This also covers key components of security governance, including risk, compliance, security architecture, posture management, (strategic) threat intelligence, and more
  - Innovation Security – discusses how application security evolves into a modern approach (including DevSecOps) and key focus areas to drive success of this capability
  - Security Governance maturity models describing real-world journeys for Security Architecture, Posture Management, and IT Security Maintenance, including specific concrete actions to help you move up to the next level
- Next Steps/Closing – wraps up the workshop with key quick wins and next steps
The CISO workshop provides security program and strategy guidance for securing the ‘hybrid of everything’ technical estate (on-premises, multi-cloud, IoT, OT, etc.).
Introduction and Overview
This video introduces the CISO workshop and provides an overview of its content.
Part A – Key Context and Fundamentals
These videos discuss threat trends, security role & responsibility evolution, and the recommended strategy and the strategic initiatives to structure your security transformation.
Threat Environment and Trends
Both the threat environment and the technical estates we operate are complex and constantly changing. Security must keep up with business and technology transformation, especially as we see ransomware and “as a service” models impacting business.
Roles & Responsibilities
This video discusses how the jobs to be done in security are evolving.
Strategy and Recommended Initiatives
This video discusses the Zero Trust transformation and a modern security strategy that aligns to business goals, digital transformation, and cloud transformation. The five strategic initiatives in this video describe how to modernize your security program and capabilities using Zero Trust principles. This also includes guidance on avoiding the two extreme approaches that result in increased risk: skipping security completely and overly restrictive security.
Part B – Business Alignment
These videos discuss how to engage business leaders on security, align to business priorities and risks, integrate security into IT and business processes, and build business resilience.
Engaging Business Leaders on Security
Engaging business leaders on security topics can be tricky. This video uses a role playing approach to help security leaders take a straightforward approach with business leaders in their language. This discusses attacks and risks in business language, recommendations for measuring security program success, and asking for key business leader support that security teams need. This conversation helps you position security as an enabler and a partner to the larger organization.
Risk Insights
This video discusses how to align security priorities to business goals and existing risk management frameworks. This covers security’s dual goal of enabling business and reducing risk, as well as the various cybersecurity risk sources (and how these threat actors mirror legitimate organizations).
Security Integration
This video discusses how to successfully integrate security into IT and business processes and how to structure collaboration between security functions. This includes details on an emerging but critically important discipline, security posture management, which focuses on reducing risk through visibility and preventive controls.
Business Resilience
Business resilience is the North Star of security programs, reducing business impact by balancing security investments before, during, and after attacks.
Maturity Model – Business Alignment
This video provides a review of maturity models describing the real-world journey to improve Risk Insights, Security Integration, and Business Resilience. This includes a discussion of specific concrete actions to help you move up to the next level.
Part C – Security Disciplines
These videos discuss how to provide a clear structure for your security program using five key security disciplines.
Access Control
This video discusses the Zero Trust approach to access control, which includes strong authentication, blending identity and network access into a single approach, and the Known-Trusted-Allowed model.
Security Operations
This video discusses modern security operations, including key success metrics, key touchpoints with business leaders and functions, and key cultural elements.
Asset Protection
This video discusses the key imperatives for teams that manage and secure assets, including prioritizing security work based on business criticality and scaling security efficiently across the large and growing set of assets in the technical estate.
Security Governance
This video describes the modernization of Security Governance, which bridges the world of business goals and technology. This also covers the different components of security governance, including risk, compliance, security architecture, posture management, (strategic) threat intelligence, and more.
Innovation Security
This video discusses how application security evolves into a modern approach (including DevSecOps) and the key focus areas that drive success of this capability.
Maturity Model – Security Governance
This video provides a review of the maturity models for the real-world journey to improve Security Architecture, Posture Management, and IT Security Maintenance. This includes a discussion of specific concrete actions to help you move these disciplines up to the next level.
Summary & Next Steps
This video wraps up the workshop with key quick wins and next steps.
Cybersecurity Leadership Book
A comprehensive guide to becoming a world-class modern cybersecurity leader and global CISO.
- Discover tips and expert advice from the leading CISO and author of many cybersecurity books
- Become well-versed with a CISO’s day-to-day responsibilities and learn how to perform them with ease
- Understand real-world challenges faced by a CISO and find out the best way to solve them
The chief information security officer (CISO) is responsible for an organization’s information and data security. The CISO’s role is challenging as it demands a solid technical foundation as well as effective communication skills. This book is for busy cybersecurity leaders and executives looking to gain deep insights into the domains important for becoming a competent cybersecurity leader.
The book begins by introducing you to the CISO’s role, where you’ll learn key definitions, explore the responsibilities involved, and understand how you can become an efficient CISO. You’ll then be taken through end-to-end security operations and compliance standards to help you get to grips with the security landscape.
In order to be a good leader, you’ll need a good team. This book guides you in building your dream team by familiarizing you with HR management, documentation, and stakeholder onboarding. Despite taking all that care, you might still fall prey to cyber attacks; this book will show you how to quickly respond to an incident to help your organization minimize losses, decrease vulnerabilities, and rebuild services and processes. Finally, you’ll explore other key CISO skills that’ll help you communicate at both senior and operational levels.
By the end of this book, you’ll have gained a complete understanding of the CISO’s role and be ready to advance your career.
What You Will Learn:
- Understand the key requirements to become a successful CISO
- Explore the cybersecurity landscape and get to grips with end-to-end security operations
- Assimilate compliance standards, governance, and security frameworks
- Find out how to hire the right talent and manage hiring procedures and budget
- Document the approaches and processes for HR, compliance, and related domains
- Familiarize yourself with incident response, disaster recovery, and business continuity
- Get the hang of tasks and skills other than hardcore security operations
Who this book is for:
This book is for aspiring as well as existing CISOs. This book will also help cybersecurity leaders and security professionals understand leadership in this domain and motivate them to become leaders. A clear understanding of cybersecurity posture and a few years of experience as a cybersecurity professional will help you to get the most out of this book.
To order from Amazon, click here.