This article is contributed by Ashley Rose, CEO and co-founder of Living Security.
Since the inception of the Chief Information Security Officer (CISO) role, the security professionals filling this seat have had to walk a fine line between the IT department, other C-suite executives and the board. In charge of handling real-time threats and minimizing cyber attacks, CISOs often find themselves between a rock and a hard place, trying to communicate and implement security initiatives that require buy-in from the rest of the company. With one foot in security and the other in business operations, CISOs must bridge the security gap and ultimately get approval for their initiatives to keep the enterprise safe. Here are three tips for navigating the increasingly executive role of a modern CISO.
Start speaking the language of the board
To effectively bridge the communication gap, CISOs need to speak in terms that the board and other C-suite executives can understand. This means addressing how cybersecurity directly affects business operations, customer relationships, the company's reputation and ultimately the corporation's bottom line. Cyber attacks are becoming more and more common; they have become a matter of "when" rather than "if," and they will affect any business. CISOs should use real-world examples to show how cyber incidents have resulted in a decline in shareholder value, a hit to corporate reputation, and executive-level terminations. In addition, cybersecurity initiatives should be translated into business objectives that reflect the return on investment through an improved security posture that protects the company's bottom line. For example, metrics can show how phishing penetration tests and awareness events ultimately increase efficiency and save money.
Lean into your metrics
Sometimes, when competing for limited resources, CISOs need to quantify security risks. Each claim should be backed up with data showing the security status of the company and where gaps can lead to costly attacks. The goal is to build the board's confidence that the right decisions are being made and that money is not being wasted. The metrics speak for themselves, showing how the needle of risk is moving over time and how you are protecting the value of the company.
Use a large network of performance
In modern enterprises, CISOs can no longer exist in an IT silo. Interactions with other C-suite executives are crucial to integrating cybersecurity initiatives across the business. If top management is not engaged in cyber hygiene, their teams will not be invested either. It is crucial for enterprise security that every single person in a corporation, from top to bottom, invests in cybersecurity. Some corporations are also investing in a new role, the Business Information Security Officer (BISO), to act essentially as an ambassador between the CISO and other business units. The BISO is brought in to help raise the profile of cybersecurity across the organization and to tailor cybersecurity initiatives and education to the needs of each department. While not essential, a BISO can help achieve the CISO's ultimate vision.
Collaborate willingly outside the enterprise
Just as building relationships within a corporation is essential for CISOs, so too is collaborating with vendors and partners outside the company. In today's growing digital world, organizations are only as secure as those they are connected to. Evaluate the security of the company's most critical vendors, be clear about your expectations for cybersecurity, and make sure there is an open line of communication so you know those standards are being met.
Today's CISOs wear multiple hats, and their jobs are becoming increasingly difficult. They must speak the language of the C-suite while maintaining their close relationship with IT. They need to navigate strategic board discussions, putting the company's strategic security initiatives at the forefront. However, if they accept the challenge, focusing on how security initiatives equate to return on investment, leaning on their metrics and building relationships both inside and outside the office, they can create a security initiative that really moves the needle on risk.
Ashley Rose is the CEO and co-founder of Living Security, a leader in human risk management and security awareness training.