Have you ever done an inventory of your digital infrastructure?
Sort by:
I think knowing your infrastructure is one thing, but I think knowing how you are seen by the bad actors will be an exercise in futility. It's going to be too hard to do that. You'll see differently from the majority of the bad actors. I tell the rest of my executives, peers, and my board that locks are for honest people. At some point, it is not if, it is when. And we've got to be prepared for the incident when it happens.
You have to know your infrastructure. I’m both CIO and CISO, so when I joined the company I went through all of my technology organizations to get an accounting of all of the assets and what they're for. I wanted accounting in all the accounts and to make sure that we'd off-boarded everybody we needed to. Now I'm looking at tools to reduce licenses when people don't need them, which reduces the security footprint and saves money. Those are the things that matter the most.
Andrew - Would you be interested in talking to the founder who is mapping out digital infra and doing the external monitoring. He might benefit from your expertise.
I had the same discussion with a buddy of mine who is in the security space. He said that for anything he built, before going to any of the companies he would first get a lay of the land in terms of digital infrastructure and how a bad actor sees into your infrastructure.
That is the starting point to establish how you can start preventing, and then protecting, etc. I don't think organizations are even doing that. I'm not sure. I don't think I have done it and we have looked at it.