Commentary from the Dow Jones Cybersecurity Newsletter

This week I attended the CISO Forum, a small event in Half Moon Bay that gathered CISOs for a series of briefings and discussions on cybersecurity challenges facing their organizations. In a panel titled ‘In-CISO-mnia — What Keeps Security Leaders up at Night?’ Paul Johnson, Global Chief of Security for Papa John’s, shared his top three concerns. Vendor management, network complexity and sprawl, and focusing on the protection of crown jewels topped the list.
Papa John’s has over 10,000 suppliers and almost 5,000 branches, 25% of which are overseas. The majority are owned by franchisees, where poor local security practices could damage the core brand. The intense move to digital now sees 55% of Papa John’s orders placed online, increasing the focus on PCI compliance and point-of-sale device security. Interestingly, the project to identify crown jewel assets identified control systems in bakeries as a key network that could not be allowed to fail. As Paul said, “bakeries make the dough that makes the dough.”
Critical assets are not always intellectual property, credit card numbers or customer databases. Sometimes it is software or a network responsible for a mundane task that keeps the rest of the business running. Identifying these systems, adequately securing them, and including them in disaster recovery plans is essential to ensuring cyber resilience.

**This article was originally published as part of the Dow Jones Cybersecurity Newsletter, a weekly digest of news with commentary and analysis.**