Intelligent CISO Issue 04 | Page 50

FEATURE
is a requisite to defend against advanced threats.
4. Understand your organisation’s risk appetite: No two organisations have exactly the same relationship with risk. Gaining an understanding of how much risk, and what types of risk, your new organisation is willing to accept is critical. This information will guide your prioritisation of security initiatives and what to focus on – and what not to. In addition to your board of directors and CEO, your line-of-business leaders hold valuable insights on the company’s risk appetite.
5. Know your role, build relationships accordingly: Relationships are critical for any executive. CISOs need to start building network connections that encompass everyone from the boardroom to the executive team to the various members of the network and security teams. Today’s CISO must not only be fully conversant in cybertechnologies and threats but also speak the language of the business.
6. Structure the team, bring in reinforcements: All of the above factors will inform how you structure your existing team and what skills you will look for in any new hires. Unfortunately, attracting and retaining talent is expected to be an increasing challenge going forward. CISOs must quickly begin developing a talent pool of potential recruits who bring the right skills and thrive in the corporate culture.
7. Be strategic about technology investments: Given that the threat landscape, your IT environment and the direction of your business are all dynamic, your security architecture must be adaptive. A security fabric approach deploys a common set of layered security tools across the entire on-premises and cloud environment. It provides a single pane of glass from which the company’s security posture at a given moment can be assessed and addressed.
8. Track, measure and report results: Objective measurement and communication of your company’s security posture vis-à-vis risk tolerance and business objectives – which includes industry, governmental and security compliance – is critical to your success. An important starting point for tracking, measuring and reporting results is to align business-security initiatives with Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs).
Best practice for CISOs at SMBs
HADI JAAFARAWI, MANAGING DIRECTOR, QUALYS MIDDLE EAST
SMBs falsely assume that they aren’t susceptible to cyberattacks, but in reality they are more vulnerable and face greater challenges to network security due to smaller budgets, less-sophisticated infrastructure and a lack of security personnel.
Therefore, it’s crucial for SMBs to be smart about defensive choices and focus on what matters most.
Instead of thinking of the security budget in terms of cost, understanding the risk associated with a potential cyberattack is the first step towards a strong cybersecurity posture.
Chief Information Security Officers (CISOs) need to gain an understanding of the types of threats that target their company and the weaknesses that exist within their current infrastructure, and to identify the vital business assets that require protection and the level of protection required.
This security assessment provides a comprehensive security baseline that helps CISOs select an easy and comprehensive solution that continuously assesses their security posture, complies with and responds to ever-changing regulations and security threats, and helps build a solid and secure IT environment without the hassle and costs of deploying point solutions.
Qualys makes it possible for businesses to strengthen the security of their networks and applications with its continuous security and compliance management solutions.
The newly introduced Qualys Community Edition, a free cloud-based service, gives small organisations unified visibility of their own or their clients’ IT and web assets.
It also allows users to leverage the power of the Qualys Cloud Platform, which performs billions of scans annually to automatically gather and analyse security and compliance data from hybrid IT environments.
This accurate and immediate visibility helps organisations maintain a higher level of security and provides auditors with trusted compliance reports, while consolidating their stack and drastically reducing costs.
Furthermore, the importance of providing information security awareness training to employees cannot be overstated. A security awareness programme gives employees the knowledge they need to better protect the organisation’s information through proactive, security-conscious behaviour.
Employees should gain a basic understanding of security policies as well as their respective responsibilities in protecting personal and business assets.
To be effective, CISOs should implement an ongoing security awareness programme that includes continuous training, communication and reinforcement.