SecChat

thank you :) my first one and v interesting! Would like to know more on the skills gap and cisos focus

If you fancy talking offline about this - I'll be writing up a blog on this tonight - get in contact at hiddentext.co.uk

@SPCoulsoni will do just that :) #meatware

just noticed who you work for ... Google Qinetiq Masterclass and see what you guys did in November ;)

filling the cyber skills gap http://www.qinetiq-b... @Cyberchallenge

oh dear! I m embarrassed I didn't know this! 😳

big company - a lot to know about !

no- I'm already seeing people rolling their eyes "Yet more legislation!"

I would have agreed but am hearing it's one of a number of key reasons for taking classification

Maybe a soft reason?

Well, they must as soon it became law in the EU. The question is what fines will they face if they fail to comply

No serious fines no serious compliance

That's the fuzzy part about it I guess. Either of you seen any surveys or reports from biz on it at all?

Not so far

so true - if the fine isn't big enough then why do it

PCI DSS is quite a nice example - initial compliance was due 2007/8 and even today some companies haven't managed to comply

yup

Going to an event based on PCI DSS next week. Can get a show of hands on it maybe. Agree Stuart, if biz is happy to take a hit then they will...

Well we shall see. I'm pushing to get a survey from cisos on it. Hopefully mid year we might have something

or by the lack of overview of the systems in use

totally agree ! @Hfuhs

how big is the gap? Finding good technical pre-sales is tough!

because no company wants to invest into educating their own people

Senior analysts shouldn't be doing the basics, they should be doing the hard stuff, juniors should be doing the simple stuff

look at what I do with the cybersecuritychallenge(.org.uk) finding new talent. There are ways - even up-skilling own staff

Human stupidity

Totally - it'll be the meatware that will threaten business

Lol @ meatware! :) give the right tools to the end users to prevent them doing stupid!

no, give them no tools to prevent doing stupid things

Remove computers?

Nice idea but impractical. Provide them with a proper environment which prevents stupid things to be done

Agreed whole heartedly! So based on what we think are threats what do you think cisos will be investing in for 2016?

This is going to be a long list - lets start with Business Continuity - when the sh**t hits the fan

proper infrastruture planning and maintaining

Cisos will be looking at:
Stopping the insider threat,
Monitoring their data to see who's using it and how
Ensuring they know what to do when IT happens
Supplier reputation
Upgrading old kit when budget allows

Securing more infosec budget

So a focus on DLP and classification together with reporting?

Even just the basics - an understanding as to what needs protecting and how

they need to be dealing with security every day. Only way to promote security and drive awareness.

give them the right environment which prevents stupid things to be done