Today's CISOs have two main jobs – to secure information and to secure innovation. Sometimes they are one in the same, but they are always equally important – especially right now.
Industries such as retail, banking, manufacturing and technology are experiencing an innovation boom. And, nearly every one of these new developments are driven by the access, sharing and analysis of sensitive information across network infrastructure.
To that end, CISOs, and the strategies and policies they enforce, are critical not just to the security of a business, but to the furthering and implementation of the innovations that will propel the organization forward. That means CISOs should work in tandem with every strategic initiative to understand early on how it will impact information and network security, and how to mitigate risks.
Here are a few questions every CISO should ask themselves as they work with business innovation:
- Does your security policy match the business needs?
While the policy must address the crucial security needs, at the same time it must not be too strict to actually prevent work from being done.
- Are you communicating clearly, both upward and downward, your willingness to be a business enabler?
Build a feedback mechanism to listen to concerns where security is causing unnecessary business harm.
- Are you auditing and grading security functions for each department and business unit?
This helps you to identify the areas in need of improvement and to monitor the progress. Build a similar audit and grading scale for security cost – the inconvenience the security functions cause to the employees.
- Do you contribute to management-level business discussions even when your input about security is not needed?
Build your reputation as a skilled business problem-solver.
- Are you staying on top of technology and security?
Attend industry events, both large and small, and see what is trending and what might affect your role as the CISO.
From roadblock to enabler, the role of CISO is evolving. By becoming an active part of an organization's innovation strategy, rather than an afterthought, CISOs can help lead the charge in business enablement.