CISO Forum: Ask Me Anything - August 2022

Need to catch up on the latest CISO Forum? Watch Director of ISPG and Chief Information Security Officer Rob Wood, and guest host, Director of Division of Security & Privacy Compliance Keith Busby explore questions and answers in the August 2022 edition of Ask Me Anything. Use the timestamp list below and fast forward to the questions you’re interested in.

TIMESTAMPS

00:03:14    NIST is recommending a software labeling standard to view trustworthiness of a software supply train. What are your thoughts on having a FICO score-like capability for software?

00:07:25    How does EIS scoring shape the development of cybersecurity modernization?

00:13:42    If software scoring is not appropriate to communicate software trust, what would a more appropriate method be to communicate software trust to software consumers?

00:21:37    What is a CISO interested in retrieving from a laptop involved in a suspected data exfiltration incident?

00:25:19    Is there a forensics team that works with the Office of General Counsel to assist with the general data extraction?

00:26:23    Does CMS have a dedicated ransomware response team?

00:32:24    How is the agency securing mobile devices from attacks? What visibility do you have into the risks on mobile devices? Are you able to integrate mobile threat data with your current security reporting systems for further analysis?

00:34:15    What is the role of automation in cybersecurity?

00:39:54    Are there any opportunities for staff at CMS working on security to work on skills outside their areas being worked on by other teams?

00:47:14    During this time where cybersecurity is such a hot topic, are you driving teammates into other cyber-focused professions?

00:53:50    How do operations teams remain aligned with cyber teams?

00:55:45    Do you build/develop/maintain mobile apps, and how do you avoid publishing mobile apps with security and privacy vulnerabilities that can be exploited?