ISACA Now Blog

Knowledge & Insights > ISACA Now > Posts > Cybersecurity tweet chat

Cybersecurity tweet chat

| Posted at 10:20 AM by Dawn Gonzalez | Category: Security | Permalink | Email this Post | Comments (0)

Last week, ISACA invited a global audience to a tweet chat focusing on cybersecurity. ISACA International Vice President Ramsés Gallego acted as host. You can find the tweets from the hour-long chat below.

ISACANews
The cybersecurity tweet chat begins now! @ramsesgallego is ready to discuss all things cybersecurity. Ask/answer/engage using #ISACAcybersec

 

wendyatidrach
At my first 'Tweet chat' #ISACAcybersec - I'll have white tea, no sugar -who was meant to bring the biscuits? Let the chat begin

 

ramsesgallego
Welcome to the Tweet Chat on CyberSec. Is CyberSec the new priority? What do you think? #ISACAcybersec

 

ramsesgallego
Is Cybersec a problem or a solution? #ISACAcybersec

 

Yves_le_roux
What is the difference between Cybersecurity and IT security? #ISACAcybersec

 

human_makro
@ramsesgallego #ISACAcybersec of course has high attention at the moment due to Snowden/NSA but priorities may be elsewhere

 

vilaxavi
Isn't Cybersec a different name for IT Resilience and Confidenciality? #ISACAcybersec

 

Wendy Goucher?
@ramsesgallego Cyber sec is not defined by IT, it uses 'cyber in its processes, but is more operational

 

ramsesgallego
Sure. CyberSecurity refers to technologies, processes and practices to protect networks and assets #ISACAcybersec

 

RobertEStroud
@Yves_le_roux Is there really a difference between #itsecurity & #cybersecurity #iSACAcybersec

 

ramsesgallego
But Cybersecurity is controls, methods, procedures… Cybersec is an attitude for this changing world. #ISACAcybersec

 

Yves_le_roux
Cyber is perhaps more fashionable: Cyberwar, cyberspy,#ISACAcybersec

 

Iykchem
@ISACANews @ramsesgallego What is cybersecurity? #ISACAcybersec

 

ramsesgallego
@wendyatidrach So true. A business issue. Who’s responsible? EVERYONE! #ISACAcybersec

 

ramsesgallego
@wendyatidrach You’re right. Cybersec is about operations and how to protect and defend while enabling and facilitating. #ISACAcybersec

 

Yves_le_roux
Anyhow, cybersecurity should be aligned with all other aspects of information security within the enterprise #ISACAcybersec

 

Me1_Dr3ws
Where #infosec may refer to info outside of cyber realm, #cybersec refers to many things that may not be info. #ISACAcybersec

 

vilaxavi
Should the cybersecurity be teared apart from the global security? #ISACAcybersec Why not an integral and global approach?

 

waylum_99
looking at #cybersecurity what are the key things to cover? @ramsesgallego ? #ISACAcybersec

 

ramsesgallego
Actually, the biggest challenge is UNDERSTANDING Cybersec and not treating it like in the past. The times they’re a-changing. #ISACAcybersec

 

Yves_le_roux
The overall notion of security must be systemic rather than linear (see BMIS) #ISACAcybersec

 

ramsesgallego
@waylum_99 The key things are PROTECTING the brand, DEFENDING intellectual property, SAVING people and assets. That’s first. #ISACAcybersec

 

bethany_smith
RT @ramsesgallego: biggest challenge is UNDERSTANDING Cybersec and not treating it like in the past. times they’re a-changing #ISACAcybersec

 

ramsesgallego
@waylum_99 And then, going into threats, vulnerabilities, identities, (cyber)attacks, risk,… #ISACAcybersec

 

ramsesgallego
Have a plan for CyberSec. And it should include Communication. The business should know what will happen if… A must. #ISACAcybersec

 

Me1_Dr3ws
#ISACAcybersec so what problem do we want to tackle today? Big topic, needs focus in discussion

 

Yves_le_roux
Business case in terms of expected value and tolerable risk will determine the cybersecurity strategy used by the enterprise #ISACAcybersec

 

hazmat339
#ISACAcybersec 'Cyber' sec, like 'physical' sec, just refers to another aspect of what should be a comprehensive security program.

 

Wendy Goucher?
@ramsesgallego So are we back to training staff - or is there more about the way we organise operations that will strengthen against threat?

 

ramsesgallego
@wendyatidrach Skills are instrumental in CyberSec. Shortage of skills: a challenge. The world is changing and we must adapt. #ISACAcybersec

 

DanRaywood
Is the problem that the use of the word "cyber" defines this sector too much and is too "narrowing"? #ISACAcybersec

 

Yves_le_roux
How to provide reasonable assurance over cybersecurity?
#ISACAcybersec

 

bethany_smith
@ramsesgallego what's been the top cyber threat to enterprises in 2013? #ISACAcybersec

 

waylum_99
@ramsesgallego sounds spot on to me. All points which are covered by lots of software out there can you recommend any? :) #ISACAcybersec

 

hazmat339
#ISACAcybersec 'Cyber' sec, like 'physical' sec, just refers to another aspect of what should be a comprehensive security program.

 

ramsesgallego
@vilaxavi Of’ourse. Business is primary stakeholder but are others. Regulators, individuals, partners, media, Government… #ISACAcybersec

 

ISACANews
@Me1_Dr3ws What would you like to focus on, Mel? #ISACAcybersec

 

ramsesgallego
Some say CyberSec is just another dimension for Security but the name of the game is still PROTECT. #ISACAcybersec

 

neilstinchcombe
@ramsesgallego Without a clear communications plan and the team to deliver it a breach quickly turns into a PR disaster #ISACAcybersec

 

Wendy Goucher
@ramsesgallego I think facilitating is always a challenge - it is easier to say 'no, don't do that'

 

Me1_Dr3ws
@Yves_le_roux many compliance issues go beyond biz case, eg CIP #ISACAcybersec

 

ramsesgallego
Some say CyberSec is just another dimension for Security but the name of the game is still PROTECT. #ISACAcybersec

 

ramsesgallego
@wendyatidrach Very good point! Culture is critical for success. Again, the WAY things are done. Attitude, moral, ethics,... #ISACAcybersec

 

hazmat339
#ISACAcybersec 'Cyber' sec, like 'physical' sec, just refers to another aspect of what should be a comprehensive security program.

 

ramsesgallego
@neilstinchcombe Right. When CyberSecurity becomes CyberDisaster… and impacts the real world. So true. #ISACAcybersec

 

Wendy Goucher?
@ramsesgallego Yes, I agree, but attitude is important too - and that is about business security culture

 

human_makro
@bethany_smith @ramsesgallego top threat depends on type of business > you have to know your valuable assets and threats #ISACAcybersec

 

Me1_Dr3ws
RT @Yves_le_roux: How to provide reasonable assurance over cybersecurity? // #ISACA is good @ Audit & testing regimens #ISACAcybersec

 

Yves_le_roux
@Me1_Dr3ws Anyhow, you select a tolerable risk. You are not able to give a 100% assurance of non failure at reasonable cost #ISACAcybersec

 

InfosecManBlog
Industrial Cybersecurity is a challenge in all of our industrial organizations and must be addressed adquately @info_cci #ISACAcybersec

 

boldonjames
@bethany_smith accidental threats like internal people sending out sensitive information into the public domain! huge problem #ISACAcybersec

 

Iykchem
#ISACAcybersec what are the prospects of cybersecurity certifications??

 

chrisditner
This question made me stop & think RT @ramsesgallego: Is Cybersec a problem or a solution? #ISACAcybersec #cybersecurity

 

ramsesgallego
@InfosecManBlog @ISACANews Hmm… ‘Industrial’ Cybersecurity… When security impacts supply chains…. and real world scenarios #ISACAcybersec

 

Me1_Dr3ws
#ISACAcybersec I see failures to understand tru risks as a challenge in building support for #cybersec initiatives

 

Iykchem
@InfosecManBlog @ISACANews @info_cci Addressing cybersecurity requires knowledge and skill. I think there is a gap currently.#ISACAcybersec

 

ramsesgallego
#ISACAcybersec = Prepare, Detect, Analyze, Contain, Eradicate, Recover, Post-Incident Activity… and Start again

 

Me1_Dr3ws
RT @Iykchem: #ISACAcybersec what are the prospects of cybersecurity certifications?? // many exist. You want licensing?

 

ramsesgallego
Great video of ISACA’s Ron Hale talking about Cybersec on BBC World News. See here: tinyurl.com/m8p5kg4 #ISACAcybersec

 

DanRaywood
#ISACAcybersec look at what @451wendy said last month "we are giving up on prevention in favor of detection" twitter.com/451Research/st…

 

waylum_99
@ramsesgallego @InfosecManBlog couldnt agree more! people need to know the sensitivity of certain information #ISACAcybersec

 

Iykchem
#ISACAcybersec what are the most common cyber attacks currently facing the banking and financial industry globally?

 

Me1_Dr3ws
#ISACAcybersec I see failures to understand tru risks as a challenge in building support for #cybersec initiatives

 

ramsesgallego
@waylum_99 I meant a ‘new priority’ for business although it has always been about PROTECTING while ENABLING. #ISACAcybersec

 

Me1_Dr3ws
#ISACAcybersec I see failures to understand tru risks as a challenge in building support for #cybersec initiatives

 

ramsesgallego
@Iykchem @waylum_99 @InfosecManBlog @ISACANews Huge meaning that implications are/could be massive, right? #ISACAcybersec

 

waylum_99
@ramsesgallego in that case it certainly is a growing demand. We have seen this with @boldonjames inquiries for labelling #ISACAcybersec

 

Me1_Dr3ws
RT @Iykchem cybersecurity requires knowledge and skill. I think there is a gap // Universities r only getting startd on this #ISACAcybersec

 

ramsesgallego
One of the problems with cyberattacks are ‘the unknown unknowns’. So, get ready. They change, you prepare. Right mindset. #ISACAcybersec

 

InfosecManBlog
... and infrastructures! @waylum_99 @ramsesgallego couldnt agree more! people need 2 know the sensitivity of certain info. #ISACAcybersec

 

ramsesgallego
Some talk about APT (Advanced Persistent Threats). OK. How Advanced & Persistent are you and your business? Be advanced, too. #ISACAcybersec

 

bethany_smith
Cybersecurity futurist David Lacey addresses APT issues in today’s ISACA Now Blog ht.ly/qi0Xj #ISACAcybersec

 

ramsesgallego
In the world of Cybersecurity, forensic analysis is so critical. To learn. To avoid next one. #ISACAcybersec

 

ramsesgallego
In the world of Cybersecurity, forensic analysis is so critical. To learn. To avoid next one. #ISACAcybersec

 

Iykchem
#ISACAcybersec As we talk Cybersecurity, lets also think continuous monitoring and control working as intended.

 

ramsesgallego
And talking about identity… this is so critical in the cyberworld. #ISACAcybersec

 

ramsesgallego
Identity means everything ‘out there’. Proper authentication and authorization are critical to success. One to address asap. #ISACAcybersec

 

ISACANews
"It will take a major incident for the reality of our exposure to hit home." David Lacey in #ISACA Now Blog. Your thoughts? #ISACAcybersec

 

AxessLAN
@Yves_le_roux they are one in the same in my book. #ISACAcybersec

 

Me1_Dr3ws
So many critical issues one could almost write a book - hey! #ISACAcybersec

 

ramsesgallego
@AxessLAN Right. Management & Governance of CyberSec. Strategy & tactics. The ‘What’ and the ‘How’. IT & business together. #ISACAcybersec

 

vilaxavi
Isn't Cybersec a different name for IT Resilience and Confidenciality? #ISACAcybersec

 

Me1_Dr3ws
RT @ISACANews: "It will take a major incident for the reality of our exposure to hit home." David Lacey - thoughts? True #ISACAcybersec

 

ramsesgallego
@AxessLAN I’d say that it has to protect, embbed, facilitate, enable, connect,… data & people, business & consumers. #ISACAcybersec

 

ramsesgallego
@AxessLAN That’s the real priority 4 Cybersec. Protecting & defending while enabling & facilitating. On prem & in the Cyber. #ISACAcybersec

 

Iykchem
#ISACAcybersec For Cybersecurity to be successful, it must follow a top-down approach. This is synonymous to security governance.

 

AxessLAN
@Yves_le_roux It starts with the idea that #cybersecurity is this endless circle. It is a wholistic process #ISACAcybersec

 

Me1_Dr3ws
When #cyber compromise treated as a cost within acceptable limits there's no motive to do better #ISACAcybersec

 

ramsesgallego
13 minutes left and lots to go through. Does mobility make it better or worse? #ISACAcybersec

 

Iykchem
#ISACAcybersec For Cybersecurity to be successful, it must follow a top-down approach. This is synonymous to security governance.

 

AxessLAN
@ramsesgallego it doesn't change a thing. #ISACAcybersec we have bigger issues to worry about than mobile atm.

 

ramsesgallego
When we factor in the Cloud… what happens with CyberSec? Is it a source or problems or just a consequence? #ISACAcybersec

 

AxessLAN
#cybersecurity is a wholistic endless process. #ISACAcybersec

 

Iykchem
@ramsesgallego #ISACAcybersec I would say better but with more demand on security.

 

Iykchem
#ISACAcybersec For Cybersecurity to be successful, it must follow a top-down approach. This is synonymous to security governance.

 

Me1_Dr3ws
I think C-suite is still seeing #cybersec as a cost rather than a biz enabler #ISACAcybersec

 

AxessLAN
@ISACANews I would argue no matter how many incidents there are, the state of mind is reactive not proactive security. #ISACAcybersec

 

AxessLAN
@Iykchem don't forget continous testing and assessments. #pentests should be a requirement, not a nice to have. #ISACAcybersec

 

ramsesgallego
@WaleMicaiah @AxessLAN It’s about the right balance. Protecting is a must. But there’s a point when have to keep enabling… #ISACAcybersec

 

waylum_99
@AxessLAN @ramsesgallego simple solution. Prevent mobile devices from showing 'top secret' information #ISACAcybersec

 

WaleMicaiah
@ramsesgallego #ISACAcybersec It becomes a consequence.,....just thinking.

 

AxessLAN
@ramsesgallego @WaleMicaiah @ our firm we practice what we preach. we encourage our team members to attack our infrastructure #ISACAcybersec

 

Iykchem
#ISACAcybersec I believe when APTs and cloud services are factored in Cybersecurity becomes a better rounded concern.

 

ramsesgallego
@WaleMicaiah @AxessLAN See it as the positive side of security: facilitating, connecting, building bridges… for IT & business #ISACAcybersec

 

Me1_Dr3ws
#2FA is a positive use of mobile, but not sure how mobile could otherwise make #cybersec better. #ISACAcybersec

 

AxessLAN
@WaleMicaiah @ramsesgallego there is NO SUCH LINE. BAD does not discriminate. Good guys play by the rules. Bad guys don't #ISACAcybersec

 

ramsesgallego
@waylum_99 @AxessLAN Right. Then, we are talking about data-centric security. Data-oriented protection. Good. #ISACAcybersec

 

AxessLAN
@waylum_99 @ramsesgallego Good luck with that in a #BYOD world. #ISACAcybersec

 

WaleMicaiah
@AxessLAN @ramsesgallego #ISACAcybersec
..that sounds great....but the result of the assessment, what about it?

 

waylum_99
#ISACAcybersec great discussions going on! looking forward to #ISACANA next week. Who else is going?

 

AxessLAN
@WaleMicaiah @ramsesgallego the results of anyones findings mean we close the gaps. #ISACAcybersec It's a culture issue at our firm.

 

AxessLAN
@WaleMicaiah @ramsesgallego we encourage FAILURE. We want to fail at our own hands. Not our enemies. #ISACAcybersec

 

AxessLAN
@WaleMicaiah @ramsesgallego If you don't fail, you won't succeed. #ISACAcybersec

 

waylum_99
@AxessLAN @ramsesgallego its doable provided the right business policies are put in place when using #dataclassification #ISACAcybersec

 

Me1_Dr3ws
@ramsesgallego: @waylum_99 @AxessLAN Data-oriented protection leaves out critical safety devices. #ICS #ISACAcybersec

 

AxessLAN
@WaleMicaiah @ramsesgallego Remember Thomas Edison on & the lightbulb? #ISACAcybersec

 

AxessLAN
@WaleMicaiah @ramsesgallego "I have not failed. I've just found 10000 ways that won't work." Edison #ISACAcybersec

 

AxessLAN
@waylum_99 @ramsesgallego policies are useless when you are dealing with management and culture who don't want to hear it. #ISACAcybersec

 

Me1_Dr3ws
Any last thoughts on evaluating #security culture? #ISACAcybersec

 

WaleMicaiah
@AxessLAN @ramsesgallego #ISACAcybersec Great process..have u had issues with legacy syswhere vuls found on dem are closed at owners' peril?

 

Iykchem
#ISACAcybersec Cyber Security or Cybersecurity? Any difference

 

ramsesgallego
@AxessLAN @waylum_99 A culture with no policies, no listening, no willingness to help, no Governance…it’s doomed, IMHO. #ISACAcybersec

 

AxessLAN
@WaleMicaiah @ramsesgallego we are fortunate we have not encountered any legacy infrastructure. we're too new. #ISACAcybersec

 

WaleMicaiah
@AxessLAN @waylum_99 @ramsesgallego #ISACAcybersec
....just thinking, who approved the policy in the 1st place and who bear the risk?

 

AxessLAN
@ramsesgallego @waylum_99 a culture and management unwilling to change is dead on arrival. #ISACAcybersec

 

ramsesgallego
VERY useful information from #ISACA about Cybersecurity in here: tinyurl.com/m7jv3wz #ISACAcybersec

 

waylum_99
@AxessLAN @ramsesgallego 'when something terrible happens' is when they will act. Financial reports on mobile good idea? #ISACAcybersec

 

ramsesgallego
@AxessLAN @WaleMicaiah And you have to execute. Edison’s ‘A vision without execution is a hallucination’. #ISACAcybersec

 

ramsesgallego
In the world of Cybersecurity, forensic analysis is so critical. To learn. To avoid next one. #ISACAcybersec

 

WaleMicaiah
@ramsesgallego #ISACAcybersec
Mobility is an enabler, it introduce another dimension into security....security on the go is very important!

 

AxessLAN
@WaleMicaiah @waylum_99 @ramsesgallego #blame #management. #ISACAcybersec

 

Iykchem
@ramsesgallego @waylum_99 @WaleMicaiah @AxessLAN It has been a good one today.More of this @ISACANews .Thanks people!!! #ISACAcybersec

 

WaleMicaiah
@AxessLAN @ramsesgallego #ISACAcybersec
Great bro....good work!

 

ISACANews
@waylum_99 Obviously, we'll be at N.A. Information Security and Risk Management Conference, Wesley. See you in Las Vegas! #ISACAcybersec

 

waylum_99
@AxessLAN @ramsesgallego 'without law and order man has no freedom' #ISACAcybersec

 

AxessLAN
@waylum_99 @ramsesgallego it's not much better than when people travel and talk about unreleased SEC filings on an airplane. #ISACAcybersec

 

ramsesgallego
@WaleMicaiah And you just need the right framework, mindset, attitude. COBIT 5 is an awesome help. #ISACAcybersec

 

ramsesgallego
Thanks again for joining. It was great. Stay tuned for future Tweet Chats. Great ideas. just 1 hour. Pleasure. #ISACAcybersec

 

Me1_Dr3ws
RT @WaleMicaiah: @ramsesgallego #ISACAcybersec
Mobility is an enabler, it introduce another dimension into security.. > Data in the go

 

AxessLAN
@ramsesgallego @WaleMicaiah I love that! #ISACAcybersec

 

AxessLAN
@WaleMicaiah @ramsesgallego thanks, but it's a endless #cybersecurity process for us. #ISACAcybersec

 

ramsesgallego
Thank you all for your participation. as we near the end of #CyberSecMonth. #ISACAcybersec

 

Me1_Dr3ws
Thx all #ISACAcybersec

 

ISACANews
Our hour is up—that was fast. Thanks to all who joined us for today's tweet chat and special thanks to @ramsesgallego. #ISACAcybersec

 

WaleMicaiah
@ramsesgallego #ISACAcybersec
Very true......I also recommend CAG - - - 20 Cyber Security Controls. Very important! @Iykchem

 

ramsesgallego
VERY useful information from #ISACA about Cybersecurity in here: tinyurl.com/m7jv3wz #ISACAcybersec

 

ISACANews
Want more? Find a wealth of #ISACAcybersec resources here: ht.ly/qi3kl

 

waylum_99
@WaleMicaiah @AxessLAN @ramsesgallego good thought. IMHO it should be Risk Management, IT Management #ISACAcybersec

 

WaleMicaiah
@ramsesgallego #ISACAcybersec
Thanks man. Cheers.

 

AxessLAN
@ramsesgallego thanks for hosting the chat. #ISACAcybersec

 

Iykchem
@ISACANews @ramsesgallego Thanks Rames!!! Nice one really. #ISACAcybersec

 

ramsesgallego
@AxessLAN It was truly a pleasure. Thanks for joining. Keep in touch. More to come. #ISACAcybersec

 

waylum_99
@ISACANews @ramsesgallego Thanks all! Great idea! Love to see more specifically views on #dataclassification #ISACAcybersec @boldonjames

 

ramsesgallego
@WaleMicaiah Thank YOU for attending. We shared and we learned. Enjoyed. More in the future. #ISACAcybersec

 

waylum_99
@WaleMicaiah @AxessLAN @ramsesgallego ...and #CISO #ISACAcybersec

 

ramsesgallego
@Iykchem @ISACANews It was done for you and by you, actually. Many thanks for coming. #ISACAcybersec

 

WaleMicaiah
@ramsesgallego @Iykchem @ISACANews#ISACAcybersec
Please when is the next?

 

AxessLAN
closing thoughts. We need to stop the culture of "US vs THEM" when it comes to #cybersecurity. It should be "US vs Bad Guys" #ISACAcybersec

 

WaleMicaiah
@ramsesgallego @Iykchem @ISACANews #ISACAcybersec
We should do this more often, please.

 

InfosecManBlog
Beyond PPP: #C3R, Collaboration, Coordination & Commitment based Relationships are a key aspect on improving Cybersecurity #ISACAcybersec

 

waylum_99
@AxessLAN @WaleMicaiah @ramsesgallego Very fair comment indeed :) #ISACAcybersec

 

ramsesgallego
#ISACAcybersec = Prepare, Detect, Analyze, Contain, Eradicate, Recover, Post-Incident Activity… and Start again

 

Iykchem
#ISACAcybersec For Cybersecurity to be successful, it must follow a top-down approach. This is synonymous to security governance.

 

ISACANews
Stay tuned for details on accessing an archive of today's #ISACA cybersecurity tweet chat. #ISACAcybersec

 

Iykchem
#ISACAcybersec For Cybersecurity to be successful, it must follow a top-down approach. This is synonymous to security governance.

 

Me1_Dr3ws
#ISACAcybersec I see failures to understand tru risks as a challenge in building support for #cybersec initiatives

 

hazmat339
#ISACAcybersec 'Cyber' sec, like 'physical' sec, just refers to another aspect of what should be a comprehensive security program.

 

ramsesgallego
Some say CyberSec is just another dimension for Security but the name of the game is still PROTECT. #ISACAcybersec

 

ISACANews
Want more? Find a wealth of #ISACAcybersec resources here: ht.ly/qi3kl

 

 

Comments

There are no comments yet for this post.
You must be logged in and a member to post a comment to this blog.
Email