As organizations recognize the need to connect business risks with IT strategy, they are increasingly focusing on one person: their Chief Information Security Officer (CISO). The idea of having a person responsible for IT security is not new, but many organizations have only recently established a CISO position on the executive team. There is no escaping the fact that information security incidents can seriously damage a company or even put it out of business.

While some organizations, particularly those in finance or defense, look for a CISO who is well versed in the practice of risk management, many companies choose to promote their smartest engineer or analyst, the one who knows “this stuff,” and let them figure it out. This perception that the CISO role is just about dealing with technical issues can be a huge roadblock to success: The role is about managing expectations, maintaining communications and building relationships as much as it is about understanding technology and planning for adequate security controls.

If you’re a technical guru who’s been promoted into a CISO position, here are the three areas I urge you to focus on in your first weeks in the job: observe and assess, establish relationships, and recruit your extended team.

Your first task as a CISO is to understand where you are. Many models and frameworks have been developed to help people make decisions in different industries and life situations, from the military to medicine to business. They all have one thing in common: The very first verb you see is “observe,” “assess,” “identify,” “diagnose” or some synonym.