- 1. What is a CISO? Responsibilities and requirements for this vital role
CISO responsibilities break down into the following categories:
1. Security operations
2. Cyberrisk and cyber intelligence
3. Data loss and fraud prevention
4. Security architecture
5. Identity and access management
6. Program management
7. Investigations and forensics
- 2. Developing a Risk Management Approach to Cybersecurity – Security Boulevard
CISOs have an opportunity to reorient their cybersecurity programs away from a focus on compliance, toward a focus on risk. Here's how:
Start With Objectives and Risks - Yes, compliance will always be one of those objectives, but consider some of the other objectives the organization has:
Tie Together Risk, Security, and IT Governance - The capabilities that are important for IT governance today are more along the lines of:
1. Data security and data mapping
2. Your ability to monitor network activity
3. Provisioning and de-provisioning user access
4. Security assessments for vendors
This approach leads to Better Reporting to the Board.
- 3. How Automation Can Protect Against Data Breaches
Automating security allows vital data, such as the location of suspicious login attempts, to be tracked without the need for a costly and time-consuming campaign.
- 4. The Guide to Presenting Information Security’s Business Value – Security Boulevard
With the ever-changing landscape of cyber risk, how can security teams demonstrate the business value of security programs? How can CISOs underline the importance of correct procedures that need to be followed company-wide?
1. Benefits of Cybersecurity Investments Must be Framed Around Enterprise Goals
2. Define and determine risk posture
3. Drive home the value proposition added and control the narrative
- 5. The Problem with Cyber Insurance: Outdated Incentives
Instead of solving your cybersecurity problems, cyber insurance companies capitalize on your amortized cost given the probability of a breach. It’s economically viable because data breaches have been relatively cheap. Here are the limitations of cyber insurance:
1. Cyber Insurance Won’t Save your Reputation
2. Cyber Insurance Won’t Save your Data
3. Cyber Insurance may not be a Sustainable Industry
- 6. Research: A Little Recognition Can Provide a Big Morale Boost
As organizations large and small face the twin challenges of increasingly strained budgets and burned out workforces, what can managers do to keep employees engaged — without breaking the bank? In this piece, the authors share new research on the power of symbolic awards such as thank you notes, public recognition, and certificates. They find that these simple interventions can significantly improve employee motivation, but clarify that to maximize their effect, it’s essential to customize these rewards to your unique context. Specifically, the authors draw on prior research to highlight five key considerations for managers looking to implement symbolic awards: the most impactful messenger, the best timing, whether to make it private or public, attention to detail, and the importance of starting small. While these interventions are no substitute for fair monetary compensation, especially when cash is limited, symbolic awards can go a long way to demonstrate your appreciation for your employees and keep spirits high.