ACDA


Digital Media Security Resources

In media and entertainment we are entrusted with the creative products that constitute invaluable intellectual property. Consequently, security is everyone’s job. Unfortunately, security is filled with complex topics and jargon. DEG seeks to demystify security to give everyone a working knowledge of key concepts.

In this series, hosted by cybersecurity expert Matthew Rosenquist, CISO at Eclipz.io, and Craig Seidel, CTO at Pixelogic and Co-Chair of DEG’s Supply Chain Efficiency & Security committee, we focus on topics specific to media and entertainment. We also provide reference to resources that address more general topics.

We know people’s time is limited so we’ve created short executive-level short videos that introduce concepts. To fill in the gaps, we’ve created longer videos that dive more deeply into the same topics. We target a broad audience ranging from CEOs to individual practitioners.

We plan to release videos and other resources over time.

Questions CEOs Should Be Asking Their CISO

You might not be an expert in cybersecurity, but you’re responsible for the bottom line, and you need to know if your security program is solid. How can you tell?

Questions are an effective tool to drive important conversations, but you need the right questions to ask.

Here are the three questions Rosenquist suggests CEOs discuss with the CISO.

  • What are the organization’s cyber risk goals?
  • What are the risks?
  • What are the success metrics relative to goals and threats?

security Question CEO to CISO

In this video Rosenquist describes key questions to ask your security leads, such as your Chief Information Security Officer (CISO), to help ensure your cyber security program meets your organization’s goals. (RT 1:27)

3 Tough Questions to ask your CISO

In this video Seidel and Rosenquist discuss these questions in more detail. (RT 11:58)

Risks in Cybersecurity

Cybersecurity risks fall into the categories of Confidentiality, Availability, and Integrity. All risk aspects are relevant to business success goals and must be driving considerations for the cybersecurity teams.

Aspects of Cybersecurity Risk

Rosenquist discusses a framework for managing risk and some specific risks in this video. (RT 2:49)

Risk with Matthew and Craig

In this video, Seidel and Rosenquist delve more deeply into risks. (RT 32:08)

The Value of Cybersecurity

Security can be a significant investment for an organization. How do you know if you’re getting your money’s worth?  When deciding where to expend resources on security, it is essential to understand the value proposition of that investment. How do you know if it’s enough?

Value with Matthew

In this video Rosenquist provides context for evaluating value. (RT 0:51)

The Fallacy of Perfect Cybersecurity

Not only is security never perfect, with changing landscapes security degrades over time. Effective security requires a recognition of this true.

Fallacy of Perfect with Matthew

This video describes the nature of ongoing diligence and provides insights into the fallibilities of security systems. (RT 1:27)

Perfect cybersecurity with craig and matthew

In this video, Seidel and Rosenquist delve more deeply into the fallacy of perfect security. (RT 18:27)

DEG thanks Matthew Rosenquist for his contributions. For more, see his Cybersecurity Insights Channel. You may also enjoy his LinkedIn Learning course: 5 Biggest Mistakes of Cybersecurity Programs.

 

This work was performed for the Security Literacy Project, a subcommittee within ACDA’s Supply Chain Efficiency and Security Committee.

DEG Regular and Associate level members are invited to participate on the Subcommittees and are encouraged to submit ideas for issues to be addressed.

For more information, please email Bekah Sturm (Bekah@degonline.org).