
Cyber Consulting Room
The Cyber Consulting Room Podcast and Meetup Network is your gateway to a world of knowledge and collaboration in the ever-evolving realm of cyber security and consulting. Our podcast, hosted by Gordon Draper, brings you in-depth interviews with industry leaders, experts, and trailblazers, offering invaluable insights, strategies, and experiences. From award-winning professionals to those paving the way for diversity in the field, we delve into the most pressing issues and emerging trends. But we're not just a podcast; we're a network, connecting like-minded individuals through our Meetup events. Here, you can engage in lively discussions, share expertise, and build your professional network in a supportive and enriching community. Whether you're an established consultant or just beginning your journey in the field, The Cyber Consulting Room Podcast and Meetup Network is your go-to source for staying informed and connected in the world of cyber security and consulting. Join us on this exciting journey, and let's learn and grow together.
Cyber Consulting Room
The Best Practices for Navigating Governance, Risk, and Compliance in Cybersecurity with Chris Hows
Is your cybersecurity strategy truly protecting your business, or just checking boxes? In today’s fast-paced digital landscape, threats evolve faster than updates, and staying compliant can feel like a maze.
In this episode of the Cyber Consulting Room podcast, host Gordon Draper speaks with Chris Hows, Principal Governance, Risk, and Compliance (GRC) Consultant at Mercury Information Security Systems. Chris shares his unconventional journey into cybersecurity, emphasizing the importance of GRC in enhancing organizational cybersecurity. He discusses the significance of understanding various standards, risk management, and aligning security controls with business objectives. Chris also highlights the challenges of compliance, the necessity of tailoring GRC frameworks to specific needs, and offers practical advice for aspiring cybersecurity professionals. The episode provides valuable insights into the critical role of GRC in cybersecurity.
In This Episode:
- (00:28) Chris's journey into cybersecurity
- (01:14) Educational path to GRC
- (02:07) Advice for aspiring cybersecurity professionals
- (02:54) Defining governance, risk, and compliance
- (04:19) Understanding compliance challenges
- (14:39) Benefits of the ASD essential framework
- (16:30) Challenges of implementing ISO frameworks
- (17:40) Understanding control intent
- (22:44) Zero trust principle
- (24:14) Identifying cybersecurity risks
- (29:47) Shared responsibility model
- (39:33) Software compliance and updates
- (41:11) Regulatory evolution in cybersecurity
- (42:18) Accountability for cybersecurity
- (43:37) Best practices for compliance
- (45:17) Intent behind compliance frameworks
Notable Quotes
- [05:10] “If you just try to tick a box, potentially you might actually miss one of the core foundational things of what you're trying to do.” - Chris
- [11:42] “Each business does need to sit down and decide how much risk is appropriate for them based on their context and based on how much they're potentially able to lose.” - Chris
- [21:19] “You really need to understand what your threat is and tailor your risk assessment and controls to your needs.” - Chris
- [24:14] “Phishing is so insidious because it’s very simple to double-click on that document someone sent you, and then the game’s already over.” - Chris
- [37:02] “Privacy is an ever-increasing area of regulation. In Australia, it's being looked at again, and we might see something like GDPR coming in the future.” - Chris
- [45:17] “A lot of the things that I've seen is, what would a reasonable person do? If it was your information, would you be happy with these controls in place?” - Chris
Resources and Links
Cyber Consulting Room
Gordon Draper
- https://cybermarket.com/
- https://www.linkedin.com/in/gordondraper/
Chris Hows
- For more episodes like this visit https://cyberconsultingroom.com
- You can find more information about Cyber Consulting Room Podcast Host at https://www.linkedin.com/in/gordondraper/