
Posted 14 January 2020

Today, CISOs must support their organization and its employees with their various business challenges. They build their organization’s security strategy and assume responsibility in the event of a security incident. However, it takes time for a strategy to bear fruit. The problem is that CISOs often do not have the necessary time between defining a strategy and the resulting actions.

What efforts are required to be more efficient and impactful?


Here are 5 pillars that enable CISOs to establish a sustainable strategy:

 

  • Evolving from firefighter to builder

Unfortunately, cyber-security often rhymes with firefighting. But it’s not inevitable. CISOs can have a stronger impact if they are able to become builders. In other words, if they build a global security strategy anticipating all uses, including future uses, they can move past responding to security incidents to preventing them.

 

  • Taking a holistic approach

CISOs must reach out to their entire organization, and to do this, they must have a holistic approach that integrates all uses and needs of their organization. For example, in the age of the digital workplace, mobile uses must be at the heart of their strategy.

 

  • Understanding business challenges

According to this year’s Censuswide survey, 94% of French CIOs and CISOs have already given up on applying security updates for fear of having a negative impact on the business, at the expense of security. 40% of them also believe that many cyber-security incidents occur because business units prioritize business processes and customer satisfaction, disregarding security protocols. This observation is often the result of a mutual ignorance of the associated challenges. Indeed, regular exchanges with business unit leaders and a good knowledge of their challenges would enable CISOs to anticipate or respond collectively to any risk that may arise, without compromising security or the business.

 

  • Training employees

In France, human error is responsible for 24% of corporate security breaches, and represents the third risk factor behind actual criminal attacks (51%) and software or hardware technical problems (25%). This statistic demonstrates the need to train employees so that they become true actors and co-builders of their organization’s data protection strategy, and commit themselves alongside CISOs and CIOs to a continuous improvement plan. In this sense, communicating the right messages to a non-technical audience with little knowledge about the risks involved is a major challenge for CISOs. This is a more educational role involving collaboration with senior management, the CIO, internal communications and human resources.

 

  • Working with CIOs

The first sponsor of a CISO within the organization is unquestionably the CIO. As security partners, CIOs and CISOs must advance in the same direction and work closely together to establish a consistent Information System Security Policy (ISSP). CISOs must ensure its application, implement risk analysis and crisis management methods, and present a matching budget to enable CIOs to take informed decisions.

 

To survive as a CISO, technical skills are no longer enough. CISOs need to be versatile, visionary and collaborative. They need to get in touch with the teams in order to fully understand their challenges and provide them with best practices. It is also important for CISOs to work hand in hand with CIOs to ensure a consistent security policy. The effectiveness of the overall strategy that will be implemented will depend on this close collaboration.
