


Exclusive interview with Steven Sim, President, ISACA Singapore


1. Describe a way that you help any organisation understand the value of cybersecurity?

Take a risk-optimisation approach in maximising business benefits while optimising resources and risk. Cybersecurity is essentially a risk game. Hence, the alignment between the optimisation of enterprise risk and the optimisation of IT risk is essential. Cybersecurity is of greatest value when it allows the business to meet its risk appetite while achieving its business goals using the optimal amount of resources.

2. In what ways have you noticed a fundamental shift towards cybersecurity within any organisation? Can you give me an example?

Over the last few months, there have been quite a number of third-party or supply chain breaches. The fundamental shift towards cybersecurity is the growing awareness that protecting our own enterprise is not enough and this protection has to be extended to your third-party or even fourth-party supply chain. In a world affected by the pandemic, increased cloud adoption increases the reliance on cloud service providers down the supply chain.


3. What strategies do you employ to keep current in a technological environment which is rapidly changing and developing?

It is not just about technology, but also processes and people. Join a community of practice such as an ISACA chapter or an ISAC for the collective source of intelligence. In this dynamic environment where the threat landscape can fluctuate on a daily basis, having timely intelligence and knowledge allows threats and incidents to be addressed in a timely manner before they snowball into a catastrophe of significant business impact.


4. How do you determine what technology to invest in and how can you stay current with all the changes?

As shared earlier, it all starts off with the adoption of a risk-based approach such as that encompassed in the COBIT risk management framework, and that entails threat modelling as part of the risk identification process. Relying on a threat modelling approach that utilises the MITRE ATT&CK framework is one of the good ways to determine which technologies are complements and which are overlaps against specific techniques. It makes sense to optimise technologies to maximise coverage of the tactics, techniques and procedures.


5. When it comes to recruitment, what approach do you take to track and keep the best? What do you feel they value?

When it comes to the recruitment of cybersecurity professionals, it is best when there is alignment between the employee’s aspirations and the company’s goals. Keeping the best means keeping the employee continually challenged enough, where the employee is developed in his mindset and skillsets. So long as everyone speaks the same risk language and the RACI is clear, the company would be able to track and keep the best because the employee will feel valued.


