This week: CISOs struggling to balance security, business objectives, Signs Your Organization’s Culture is Hurting Your Cybersecurity, Servant Leadership: Putting Trust at the Center, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-384

Application, user, and data security are the three core components of every security program, but data is really what attackers want. In order to protect that data, we need to know where it is and what it's used for. Easier said than done. In this Say Easy, Do Hard segment, we tackle data inventory and classification.

In part 1, we discuss the challenges of data inventory and classification, including:

• identifying all data sources within an organization, including databases, applications, cloud storage, physical files, etc., and documenting details like data type, location, and volume
• categorizing all data based on its sensitivity level, usually using classifications like "public," "internal," "confidential," or "restricted," which determines the necessary security measures to protect it
• prioritizing security measures and protecting critical information more effectively

Application, user, and data security are the three core components of every security program, but data is really what attackers want. In order to protect that data, we need to know where it is and what it's used for. Easier said than done. In this Say Easy, Do Hard segment, we tackle data inventory and classification.

In part 2, we discuss the steps involved in data inventory and classification, including:

• Data discovery: Identify all data sources across the organization using data mapping tools.
• Data profiling: Analyze data attributes to understand its content and characteristics.
• Data classification: Assign appropriate sensitivity levels to each data set based on predefined criteria.
• Data tagging: Label data assets with their classification level for easy identification.
• Data ownership assignment: Determine who is responsible for managing each data set.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-383

This week, we tackle a ton of leadership and communications articles: Why CISOs and Boards Must Speak the Same Language on Cybersecurity, The Hidden Costs of Not Having a Strong Cybersecurity Leader, Why Cybersecurity Is Everyone’s Responsibility, Leadership is an Action, not a Position, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-382

From online banking to mobile payments, nearly every aspect of our financial lives relies on digital systems. This reliance has brought incredible convenience, but it also means that any disruption — whether due to cyberattacks, system failures, or operational incidents— can have severe consequences.    The Digital Operational Resilience Act (DORA) provides the framework to ensure that financial entities have robust measures to withstand and recover from disruptions. By addressing vulnerabilities in this highly digitized ecosystem, DORA not only protects financial institutions but also safeguards the stability and well-being of the European society as a whole.

Madelein van der Hout, Senior Analyst at Forrester, joins Business Security Weekly to discuss why DORA is important, how prepared financial institutions are, the consequences of failing to comply, and the impact these regulations will have outside of the EU, including fines up to 2% of global annual turnover or €10 million—whichever is higher.

In the leadership and communications segment, Cybersecurity Responsibilities Across the C-Suite: A Breakdown for Every Executive, Humble Leaders Inspire Others to Step Up, Effective Communication in the Workplace, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-381