A SaaS company buys enterprise ChatGPT for 800 staff and strangely only uses 30 seats. A corporate signs annual risk exemptions for five years until the exception list itself is mistaken for a working security process. Same root cause, two symptoms.
Compliance is not security. Security culture is company culture. If your employees do not trust their managers, no policy you write will save you.
Lieuwe Jan Koning, Co-founder and CTO at ON2IT Cybersecurity, sits down with Sina Yazdanmehr, Founder and Managing Director of Aplite GmbH, on why security policy depends on trust, why a signed risk acceptance is a legal act, and what a leadership cadence on security communication actually looks like.
Timestamps
00:00:00 Introduction 00:02:20 When risk exceptions become culture 00:07:50 Turning a five-year exemption list around 00:09:07 Working with auditors instead of around them 00:13:14 The trust gap: enterprise tools and personal accounts 00:19:27 Security culture is company culture 00:22:21 Wrap and what is next
Key Topics Covered
Why employee trust in management determines whether any security policy lands
How sanctioned enterprise tools, AI included, quietly fail when context and trust are missing
The legal weight of a signed risk acceptance, and why most managers treat it as paperwork
What a working leadership cadence on security communication actually looks like
Podden och tillhörande omslagsbild på den här sidan tillhör
Threat Talks. Innehållet i podden är skapat av Threat Talks och inte av,
eller tillsammans med, Poddtoppen.