Opinion
Companies recognize the importance of cybersecurity and increasingly incorporate it as an asset in their operational strategies. But by mixing security and operations, organizations may be diluting the core mission of the chief information security officer (CISO): to protect the assets of the company from unwanted attacks.
Dating back to the 1990s, the role of CISO was more technical and IT-focused. Security was black and white, and departments strove to eliminate anything deemed a risk. Over the past 20 years, however, the job has changed. CISOs face more risks than can be resolved, are expected to balance security with operational capability, and must convince leaders to invest in protection.
Today, CISOs are also expected to defer to business needs while still being accountable for breaches. At networking events, I’m seeing more and more CISOs with business backgrounds focusing less on the cyber aspects of the job and more on supporting business priorities.
This switch can leave companies in a precarious position. Relaxing cybersecurity diligence for the sake of speed not only threatens the security of the company’s data, but also creates unnecessary risk. And it’s not insignificant. According to IBM’s “Cost of a Data Breach Report 2023,” the average cost of a data breach in 2023 was $4.45 million, a 15% increase over three years.
In 2024, we need to rethink the role of the CISO yet again. Today’s CISO must help their organization understand that prioritizing risk reduction is key to the business’s resilience in the face of modern threats.
Today’s CISO: The Resilient Politician
CISOs once were able to sell their importance based on the idea that, in cyber terms, the sky was falling. But as the business and security sides of companies merged, corporate accountability came into play. CISOs’ focus shifted from risk avoidance to risk posture and consideration of what level is acceptable in the pursuit of business goals.
In many cases, business units that generate revenue now have the final say on just what level of risk is acceptable, including cyber-risk. Meanwhile, business leaders, who have become more conversant in cybersecurity, no longer want to hear that the sky is falling. Instead, they want the CISO’s focus to stay on growth and profitability while protecting the enterprise from cyberattacks. With the proliferation of ransomware, CISOs must not only prevent, detect, and remediate security risks, but must now also consider how resilient their systems are to cyberattacks that can put the company out of business. CISOs must also focus on how quickly the company can recover from a cyber event.
The good news for CISOs is that many of these roles have been elevated to a genuine C-level position. The bad news is that their role is primarily an advisory one, secondary to what leaders see as acceptable risk. Considering the increasing pressure from the Securities and Exchange Commission (SEC) and Department of Justice regarding CISO accountability in the wake of a cyberattack, this position is quickly becoming untenable.
The Next Stage for CISOs
To be successful today, CISOs need to develop new skills while maintaining strong fundamentals. Here’s how this can be accomplished.
- Learn how to talk to the board. CISOs need to be negotiators. They need to argue in favor of stronger security and convince boards and business units of the risks in terms they understand. How a CISO goes about this can vary, depending on whether board members’ experience is in technology or business. Providing a demonstration that puts the technical risk into a business perspective can be helpful. CISOs should also talk with other C-level executives — as well as CISOs from other industries — to get advance buy-in and different perspectives on similar conversations they’re having with their boards.
- Get comfortable with gray. CISOs need to be comfortable developing a risk-based approach focusing on the importance of resiliency, because attackers will get in. Developing a tested plan to respond to attacks is just as important as implementing preventative measures. And always remember, you cannot provide absolute security … it’s balancing the risk with the cost.
- Emphasize fundamentals. CISOs should build a deeply technical team that can focus on key security practices. They should run tabletop exercises on scenarios such as a system shutdown or inability to connect to the Internet. CISOs must not rely on assumptions about how to respond; running through and testing all response plans is vital.
- Be thoughtful about tech. Security teams today have too much information to wade through. It’s essential to consolidate data and invest in automation. In a former role, I discovered my team was spending one-third of its time gathering data and creating reports. That’s not a good use of anyone’s time. Automation can help. This will also enrich your team’s careers, being able to focus on security and not administrative functions.
- Document everything. When a damaging incident happens, the blame is often laid at the CISO’s feet. In recent years, CISOs at major companies have been let go, called to testify in court, and, in some cases, charged with a crime. CISOs should develop a cyberattack response plan, document every step, and follow it rigorously. Doing so might not save the CISO’s job, but it could keep them out of court.
A New CISO for a New Threat Landscape
The enterprise IT landscape has changed significantly over the past 40 years, becoming increasingly dispersed, cloud-based, and central to conducting business. So has the cyber-threat landscape, with breaches now widely considered inevitable. With so much change, it’s unrealistic to expect the CISO of today to operate in the same way as in decades past. In this new environment, CISOs must redefine how they balance cyber-resilience and operational demands, interact with senior leaders and the board, and deliver team and technical leadership.
Source: https://www.darkreading.com/cybersecurity-operations/new-ciso-rethinking-the-role