CISO vs. CIO, CISO & the C-Suite, & How the CISO Works With the CPO – BSW #233

Both CISOs and CIOs commonly operate within the cyber security space. A recent survey indicates that 48% of security teams report to a CISO, while 25% report to the CIO. Although there was no measurable difference in terms of strategies deployed by CISOs vs. CIOs, defining who should take cyber security ownership is becoming increasingly important.

The CISO is a relatively new arrival to the C-Suite. It’s also one that is still finding its place among more established leadership positions. As organizations continue to use a remote or hybrid workforce, the CISO’s role at the executive’s table will be needed. But to empower them to defend against cyberattacks, the working relationship between the CISO and other members of the C-suite need to shift.

The chief security officer needs to be in constant communication with the chief privacy officer about what's working or not working.

A Chief Information Security Officer (CISO) is the highest-ranking in the company’s information security organization. One of the primary objectives of a CISO is to build a security posture that is compliant with legal, regulatory, and contractual obligations of information security. CISOs are also capable of protecting the organization from emerging external and internal threats. A CISO achieves this objective through various organization-level controls and disciplines. 1. Establish a Security Strategy 2. Risk Assessment 3. Security Governance 4. Vulnerability Management 5. Verifications (Audits, Penetration tests, red team exercises) 6. Program Management 7. Leadership 8. People Management

Whether you have overbooked yourself, realized you have a conflict, or otherwise can’t or don’t want to participate in a project, it’s essential to uncommit gracefully. Doing so will keep your reputation intact and your relationships strong. The author offers six tips to help you go about saying no after you’ve already said yes with tact and professionalism: 1) Consider the cost. 2) Shift your perspective. 3) Be diplomatic but truthful. 4) Preserve the relationship. 5) Offer an alternative. 6) Learn from it.

In this article, we have put together the top cybersecurity priorities for 2021 and beyond that will enable businesses to be fully equipped for future disruptions, without compromising on security" 1. Strengthen the Cybersecurity Fundamentals 2. Cybersecurity Must Be a Boardroom Agenda 3. Leverage Intelligent Automation and Other Advanced Technology 4. Shift to A Zero Trust Architecture 5. Focus on Securing Your Cloud Infrastructure 6. Develop Robust Continuity Plans

Most business continuity and disaster recovery (BCDR) administrators are aware that business interruption insurance is available to cover some or all downtime-related costs, including lost income. However, many aren't sure what a policy includes or excludes, or how it can be acquired. 1. Add coverage to a property/casualty policy 2. Consider what the plan covers 3. Read the fine print