Dark Reading

The Changing Role of the CISO

Issue link: http://dc.ubm-us.com/i/981548


darkreading.com | insecurity.com [ The Changing Role of the CISO ] May 2018

"It's not applicable to every position, but if roles have gone three plus months without solid leads, it would be worthwhile to consider creative ways to ensure the roles are filled," Lamagna-Reiter says.

Be an Effective Communicator.

CISOs must be effective communicators, experts say. An articulate CISO can make a huge difference in an environment where getting recognition and support is already difficult. The CISO must be able to communicate a security strategy that is commensurate with the risk appetite of the company.

CISOs need to be able to communicate the organization's risk exposure and the measures needed to protect the business in language that board members, business leaders, and other non-technical people can understand. They need to be able to justify budgets and use the appropriate metrics to demonstrate the effectiveness of existing security controls, or the need for new ones.

The CISO, says Fredriksen, must be able to establish meaningful metrics tied to board objectives. The cybersecurity investment should ideally be expressed as a percentage of IT spending or revenue. Effective communication means showing how cybersecurity spending compares with peer organizations. It may also mean explaining the status of regulatory compliance and how the IT security program lines up with current internal audit findings. Most importantly, what the CEO and board want to know is whether risks are escalating, declining, or stable.

Enterprises are more vulnerable to security threats than ever before. Despite spending billions of dollars on security tools and services over the past few years, enterprises remain dangerously vulnerable to cyberthreats. Corporate boards and senior executives need to lend their full support for cybersecurity missions, and CISOs need to get more creative, rather than doing the same things over and over.

"Today's CISO must be cognizant of all potential threats to the organization's information and its infrastructure," says Larry Larsen, CISO of Apple Federal Credit Union. "Everything is interconnected now to a degree that we could never have foreseen even 10 years ago. The old mindset 'if it's not on the network, it's not my concern' can no longer be tolerated."

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. Write to us at editors@darkreading.com.

INsecurity 2018, a Dark Reading Conference. October 23-25, 2018 | Sheraton Grand Chicago. INsecurity is for the defenders of enterprise security, the IT team members tasked with protecting critical data from cyber threats, and will offer real-world case studies, peer sharing and practical, actionable content for IT teams and professionals seeking better, more effective practices for defending enterprise data.
