[BreachExchange] 5 Key Ways CISOs Can Accelerate The Business

Destry Winant destry at riskbasedsecurity.com
Mon Apr 5 10:49:08 EDT 2021


https://www.forbes.com/sites/splunk/2021/04/01/5-key-ways-cisos-can-accelerate-the-business/?sh=14c145381404

Today's chief information security officers have to weigh in on board-level
decisions that affect the future of the business. A CISO's business acumen
has become just as important as security expertise in an increasingly
competitive landscape; executives rely on the CISO to map security programs
to business objectives to promote growth and generate revenue.

It's essential that CISOs align their security strategies with the overall
goals and mission of the enterprise. In a digital world, data security not
only reduces risk and prevents negative outcomes, it contributes to the
forward momentum of the business.

Splunk has been helping organizations apply data to security, IT operations
and business innovation for more than 15 years. Here, from our ebook "5 Key
Ways CISOs Can Accelerate the Business," are five best practices that
uplevel a CISO's contribution to business success.

1. Understand how the CISO role has evolved.

Traditionally, CISOs care about security strategy, not profit margins.
Where a breach or security flaw was detected, their approach was to fix the
system rather than transform the business. But in the Data Age, the CISO
is expected to create value as well as prevent disaster. That means, for
one thing, accelerating the velocity of the business, not just saying no to
every proposed change or innovation. Understanding these expectations is
vital to CISO success.

2. Know your board’s business needs.

The streams have crossed: Cybersecurity is no longer too technical and
abstruse for business execs, and CISOs can't put themselves above
considerations of financial risk, market opportunity, and the bottom line.
CISOs need to understand what drives growth and how to speak “security” in
practical, real-world terms that the board can understand. Not every
security expert is good at business-speak and organizational politics — but
for the CISO, soft skills are essential.

3. Embed security into your business strategy.

There's not a security expert alive who isn't furious when security is the
last box checked when expanding infrastructure or developing a new product.
CISOs must use their more business-forward roles, and those soft skills, to
ensure that security strategy is part of business strategy, from the first
meeting. Building security into the development process establishes trust
with the customer, promotes sales and gets products to market faster,
therefore driving revenue. Incorporating security into project and business
planning also helps mitigate risk, especially when working in agile
environments with short release cycles.

4. Create a strategic roadmap.

You need a framework that coordinates the security aspects of technical
developments and maps your security initiatives to long-term business
goals. First assess the current state of security, and outline goals for
the next 12, 24 and 36 months. Start at a high level, verifying mission,
vision and goals of the business. Then look at security on a more granular
basis. Finally, update the roadmap (from its strategic goals to tactical
planning) as the business, the threat landscape and the technology stack
evolve.

5. Determine how security solutions can help.

Just as the CISO can't personally handle every aspect of security, your
managers and front-line analysts can't do it all, either. There's too much
data, too many bad guys, and too many threat vectors. Modern IT security
demands a powerful platform that can ensure security and brand reputation
won’t be compromised — they need a scalable, overarching security solution.
(We happen to know where you can get one of those.)

CISOs have a lot on their plates these days. They're keeping the bad guys
out today. They're improving security posture for tomorrow. They're
ambassadors to the C Suite and the board of directors for the entire
concept of security, and they're framing it in terms of business value and
brand imperative. The role of the CISO is expanding at least as fast as
your organization's attack surface. But with an eye toward business value,
CISOs can not only be more successful in their mission, but can raise their
position within the business.