Site icon IT World Canada

Do ‘mundane tasks’ before buying products, CISOs advised

A CISO panel at siberXchange: Clockwise from bottom left John Pinard, Sherry Rumbolt, Mohsen Azari and Jonathan Nguyen-Duy

The COVID-19 crisis has meant, where possible, employees had to start working from home suddenly. That may continue if the pandemic lengthens, and for organizations trying to save money, it may become permanent.

For some CISOs, that means a lot of scrambling to equip employee’s computers with extra security software and buttress data security.

But infosec pros worried about having control over those working remotely have been warned that doing the basics — the “mundane tasks” — come before buying products. Understanding where critical data assets are and then creating a risk management strategy come first, Jonathan Nguyen-Duy, Fortinet’s global field CISO, told an online conference Thursday.

“Before you think about control, make sure you understand what you have, the nature of its criticality, the risks associated with that and then apply appropriate security controls,” he said.

The biggest mistake he made early in his career, he added, was buying technology first before doing these things.

He was speaking on a panel for CISOs during a week-long series of webinars called siberXchange, run by Richmond Hill, Ont., based siberX, which produces cybersecurity events. The conference ends today with a session about smart cities.

Related:

‘Remote working is here to stay

 

Several of the CISO sessions dealt with the impact of the pandemic on their organizations, and the advice of infosec leaders on how to protect organizations during a time of upheaval. Here are some highlights:

Exit mobile version