Intelligent CISO Issue 13 | Page 64

changes really need to be made. The technical specifics of security are still obscure to most, so how can you educate key stakeholders about what you are doing to keep the enterprise secure, attaining the buy-in, budget and support you need to make real change?

Knowledge is power

Still, none of these stages can be completed without one key component: an understanding of your organisation's traffic and the interactions of its systems, users and applications. Getting assistance from outside can help you here. Penetration tests, for example, can help you understand your strengths, weaknesses and, perhaps most importantly, your blind spots. They also provide a great live-fire test for your real-world response goals. This gives you the opportunity to discover, for example, how quickly you would be able to file a breach notification within the GDPR's 72-hour window.

Participating in exercises like this will help staff expand their skills and cognisance of security issues. Moreover, it will help bring other parts of the organisation into the discussion, giving them a stake in your long-term security plans. The kind of support you can get from such cross-pollination across the enterprise will strengthen your case when it comes to getting projects approved.

CISOs are not sergeants. They're generals. Their job is not to fight battles, it's to win wars.

Those external assessments should be supplemented with internally executed