Security doesn’t stop with building “walls.” Security professionals can become obsessed with adding new, bigger layers of defense.
It's rather like how medieval architects enhanced the security of their castles by building additional rings of walls and towers, or how, in GoT, ‘The Wall’ was built to protect the Seven Kingdoms.
Let’s deconstruct the current security landscape and the tools that are used to help protect and fortify your organization’s valuable data. What are the types of threats your organization faces? What are the frameworks and resources (controls) available to help identify best practices for your organization?
“Winter is coming” was the familiar mantra of House Stark, one of the Great Houses of Westeros in Game of Thrones (GoT). These are words of warning and a call to remain vigilant. What lessons can we take away from GoT about modern-day cybersecurity?
- Identifying the Cybersecurity Landscape
- Understanding Advanced Persistent Threats (APTs) and the position of Malware
- Comprehending Firewalls, Intrusion Detection, Intrusion Protections and their role in Cybersecurity
- Recognizing malicious insiders and external threats
- Identifying security frameworks to identify best practices
ISACA Board Director Pam Nigro is the senior director of information security focusing on the GRC practice at Health Care Service Corporation (HCSC), the fourth largest health insurance company, where she is responsible for information technology/information security risk and compliance testing.
Successively, she inaugurated an automated IT and cybersecurity controls/testing/analytics program for Agile/DevSecOps, and designed compliance checks in a digital chain of custody for transparency of code movement through the release pipeline, to enable compliant code release velocity for the five Blue Cross Blue Shield Plans (Illinois, Texas, New Mexico, Oklahoma, and Montana) that comprise HCSC.
Prior to HCSC, Nigro joined the Systems and Process Assurance (SPA) practice at PwC where she served both audit and non-audit clients. She is a recognized subject matter expert in HIPAA, HITRUST, SOC 1, SOC 2, Sarbanes-Oxley (NAIC-MAR), and IT/cybersecurity controls and risk assessments. Nigro is also an adjunct professor at Lewis University in Illinois, USA, where she teaches graduate-level courses on information security, ethics, risk, IT governance and compliance, and management of information systems in the MSIS and MBA programs. At ISACA, Nigro held various board positions for the Chicago Chapter, including chapter president, and is chair of the ISACA Chicago Women’s Forum (SheLeadsTech). She is a frequent trainer for ISACA at both the chapter and international levels. She also served on the ISACA International Chapter Services Working Group.
Nigro received her MBA from Stuart School of Business at Illinois Institute of Technology in Chicago, Illinois. She has more than 25 years of experience in the information technology industry and holds numerous IT certifications. Nigro is also a member of Toastmasters International and has held numerous Toastmasters leadership positions, culminating in her achievement of her “Distinguished Toastmaster” award. She is a frequent speaker at industry conferences such as ISACA’s CACS and CSX events, ISACA and The IIA’s Governance, Risk and Control (GRC) Conference, IIA’s All-Stars Conference, and local ISACA and IIA chapter meetings.