because the more resistance
encountered when it really matters,
the more damage is likely to be
inflicted. As a CISO, there’s nothing
worse than swinging into action, only
to be told the required course of
action is too disruptive.
• Deploying new security capabilities,
especially those likely to help detect
and disrupt an adversary, isn’t easy.
Sadly, in a ‘normal’ world they can
take well over a year to deploy and
configure – during a breach, less
time will be available. Furthermore,
even an endless supply of budget
doesn’t necessarily buy cooperation.
Without support from the top of the
organisation and IT peers, security
planning can quickly become an
‘expense’ instead of a culture.

Failure to properly align with senior management expectations
It’s critical for any incoming CISO
to align with senior management
as soon as possible to make sure
everyone is on the same page
regarding the responsibilities,
expectations and goals attached to the
role. Have these conversations before
the first security failures. Without this
kind of due diligence, a CISO could
well find himself/herself working to a
different set of parameters than those
expected by the rest of the C-suite,
which may only become apparent when
the worst happens.

Chief Information Security Officers rarely have an easy time of things.

CISOs should also never find themselves
in a position where they have to deliver
Issue 12 | www.intelligentciso.com