From the Inside Out

20/01/2022 1h 5min Season 3 Episode 34

Episode Synopsis

We got a message from a listener asking for some discussion about putting the data first and securing it with that in mind - the inside out, rather than looking at the perimeter and infrastructure and working back toward the data - outside in.

And since we love our listeners and your feedback, we took the chance to cover this topic in depth. In the process we also covered:

- Data Loss Prevention - Is it possible to improve this without the painful data classification, startup work or culture change?
- When doing data analysis for attacks (or fraud) you have to account for the fraud already baked into the normal you know today
- We can’t meaningfully count on IP address for geography…thanks to security asking for more use of VPNs
- The pros and cons and risks to ponder when securing data in on-premise vs. cloud/SaaS arrangements
- When is the right time to establish a security team in a growing company? And how bad will the data sprawl be when they arrive?
- Will the CTO/CIO and the CISO merge into a single role? Will the CIO report to the CISO eventually? It depends, of course, on the people and the organisation
- Controls today may not be the controls we need for tomorrow
- We try to secure things, but there’s also important value in good use of data to improve a business
- Sunk cost fallacy and Security: when to burn it all down and start over
- Audit is the best friend of the CISO: a new set of eyes and accountability partner makes all the difference

Dan also goes on a small tirade over the way security professionals use the term “the business” as something distinct from the security team, which is absolutely part of the business itself. Enjoy that soapbox moment.

We also have a video channel on YouTube that airs the "with pictures" edition of the podcast. Please head over to https://bit.ly/gsdyoutube and watch, subscribe and "like" the episodes.

Some of the links in the show notes contain affiliate links that may earn a commission should you choose to make a purchase using these links. Using these links supports The Great Security Debate, so we appreciate it when you do use them. We do not make our recommendations based on the availability or benefits from these affiliate links.

Thanks for listening!

Support The Great Security Debate

Links:

- The Security of Cloud Services and SaaS in 2021 – Part 1 – Secratic
- The Great Security Debate Episode 33: Log4Jelly of the Month Club
- The Future Of The CISO — Six Types Of Security Leaders
- Amazon.com: Rocket Fuel: The One Essential Combination That Will Get You More of What You Want from Your Business: 9781942952312: Wickman, Gino, Winters, Mark C.: Books
- The Sunk Cost Fallacy - The Decision Lab
- Amazon.com: The Infinite Game eBook : Sinek,