451 Research: 4 Key considerations for CISOs
The chief information security officer (CISO) position is slowly but surely becoming a key leadership role across industries. Currently, half of midsize organizations in the U.S. have a CISO who heads up their information security program, and the number is climbing.
As CISOs become more common, the role has become more defined: it is the CISO’s job to unite the organization and ensure everything it does is secure. In a recent report, Eric Hanselman, chief analyst at 451 Research, shared a few tips for security leaders to help achieve these goals. Below are some of the key takeaways:
Collaboration is key.
As businesses become more accustomed to the newest member of the C-suite, integration throughout the entire company is key. Right now, there is often a disconnect between security and IT – who is responsible for what? What does data protection mean to IT professionals versus security teams? If the answers to these questions are different, it can be a recipe for disaster.
When starting out in a new organization, the CISO should meet with other departments within the company to map out a security program and discuss protocols for managing and responding to security threats. If this information is not communicated and documented, CISOs can’t do their jobs correctly.
Be proactive, not reactive.
It’s important for companies to be data aware in order to prevent a security incident. It’s also important for them to be aware of what is going on across departments.
When the organization is not on the same page, the possibility of a breach or hack from either internal or external threats increases significantly. If the CISO is unaware of the IT team’s latest software update, there could be security gaps that are overlooked.
Instead of being reactive, the company should take a proactive approach to security by ensuring continuous communication between the CISO and other departments – IT in particular. By scheduling weekly meetings with the leaders of other departments or implementing monthly updates via email, CISOs can be consistently aware of the projects and problems other teams may be facing, as well as provide guidance on solutions that may be more security-friendly.
Know your limit.
Today, there simply are not enough people in the security industry to check every task off an ideal to-do list. Security and IT departments are overloaded – incapable of handling every task at the drop of a hat. According to 451 Research, “this year saw incidents where the data was there to give a warning, but teams were too swamped to piece it together or respond effectively.” To avoid missing the warning signs of a security threat, CISOs must be aware of their teams’ workloads.
Learn more about best security practices for your organization.