El Diario del CISO (The CISO Journal) | Edition 34 | Page 8

EL DIARIO DEL CISO (THE CISO JOURNAL)
Thinking and Working for a Different Kind of Digital Security Leader

INFLUENCERS

Tip Toeing Through Cyber Insurance
Edward Amoroso, Founder & CEO, TAG Cyber LLC

“If you took all the men and women employed in the U.S. insurance industry and laid them head to toe, starting on New York’s William or John Street – the little-talked-about insurance industry equivalents of neighboring Wall Street – they would stretch up the West Side Highway, head to toe, over the George Washington Bridge into N.J., down the N.J. Turnpike to the Pa. Turnpike, across Pa. into Ohio, through Ohio along Interstate 80 past Chicago, past Des Moines, past Lincoln, Nebraska – still head to toe, one after another – past Cheyenne, Wyoming to someplace just shy of Salt Lake City.”

With that line, typed in 1982, probably with WordPerfect, Andrew Tobias began the best book ever written on insurance: The Invisible Bankers. If you’ve never read the book, I heartily recommend you grab an old copy. Most references and numbers are dated – a $20K salary, for example, is listed as a decent wage. But the concepts remain super relevant. And for those of us in the cyber security industry, education on insurance is essential.

Who’s the subject of the latest data breach? A: Quora
Kim Crawley, Cybersecurity writer at The Threat Report, Cylance, Venafi, Tripwire

I've just spent the past few days pre-occupied with the Marriott International data breach, one of the largest known data breaches yet. Here’s what I wrote recently:

“Now the latest big data breach story is about Marriott, a very large international hotel chain. The breached data pertains to people who have stayed at Starwood Hotels and Resorts properties at least once between 2014 (no approximate date is given) and September 10th, 2018. If you didn’t stay at a Marriott branded hotel during this time period, there’s still reason for you to be concerned. The Starwood Hotels and Resorts chain includes the W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, Element Hotels, Aloft Hotels, The Luxury Collection properties, Tribute Portfolio properties, Le Méridien Hotels & Resorts, Four Points by Sheraton, and Design Hotels. Interestingly enough, although the press release reporting the breach is under the Marriott International name, Marriott-specific data wasn’t involved in this breach because the Starwood and Marriott reservation databases are still separate.”

Marriott breach fallout includes renewed calls for US privacy law, class-action lawsuits
Ryan Chiavetta, CIPP/US

Marriott International discovered a data breach within its Starwood reservation system that could have potentially compromised the information of 500 million customers. Unsurprisingly, given the scale of the incident, responses to the breach have been strong and swift. Lawmakers on Capitol Hill have cited the Marriott Breach as another reason why the U.S. needs federal privacy rules.

Senate Intelligence Committee Vice Chair Mark Warner, D-Va., said the incident should strengthen Congress' resolve to pass laws that require data minimization and “ensure companies account for security costs rather than making their consumers shoulder the burden and harms resulting from these lapses.” Warner's sentiment was shared by Sen. Richard Blumenthal, D-Conn.

Security in Software Development and Infrastructure System Design
Edwin Tunggawan, Editor of Cermati Tech

Nowadays, the concerns regarding security and privacy are growing among the users of technology. Considering that Cermati is a financial technology company, security is one of our main concerns when designing and implementing our system due to the amount of sensitive financial data we’re handling.

The idea of this article came from a coworker of mine — our engineering manager, Michaela Nathania. She told me that she’d like me to share about information security to our engineering team, either by talking in our internal tech talk or by writing. I consider myself a better writer than speaker, and I think writing it down will allow me to deliver the message in a more scalable way for the long term. So here it is in the form of an article.

The 4 Pillars of a Lasting Cyber Security Transformation
JC Gaillard, Founder and MD - @CorixPartners

Simply throwing money at the problem is rarely the answer

Many CIOs and CISOs would have come across this situation after an incident, a serious near-miss or a bad audit report: Suddenly, money and resources — which were previously scarce — appear out of nowhere, priorities shift, and senior executives demand urgent action around cyber security.

It is probably the dream of many CISOs to inherit one day such transformational challenge where money is — apparently — no object. In practice, however, it can also be a curse if you fail to deliver. What are the key factors in driving successful transformation around cyber security?

www.cisos.club