Intelligent CISO Issue 58 | Page 42

EXPERT OPINION

focus to a strategic one. This is due to the increase in demands placed on CISOs to protect organisations from cyberthreats. In order to be successful, CISOs must now have a deep understanding of the business, its risks and its goals. They must also be able to build and maintain relationships with key stakeholders.
One example is that the board wants more than just a service-level agreement on security incident response. Instead, they are looking for a protection-level agreement to ensure digital assets are continuously patched and protected to proactively react to cyber incidents that may cause business disruption.
Gradually, the CISO has become more involved in decision-making processes. Almost systematically now, when innovation is involved, the CISO’s voice makes a difference. And that difference is not about saying no all the time. Rather than speaking from the voice of ‘Mister No’, the CISO has turned into a source of inspiration for innovation, rallying data analysts and software developers under the same banner of secure operations development. In order to do so, the CISO and their team have initiated a healthy dialogue between production, marketing, finance and even HR and Legal. As a consequence, this has shifted the focus from bits and bytes language towards more business-oriented notions such as risk, market footprint and compliance.
Important strategies for CISOs in 2023
CISOs should always keep in mind the importance of strategy when demonstrating business value. This means considering both the short- and long-term effects of decisions and making choices that will benefit the company as a whole. In the short term, it may be tempting to cut corners or take shortcuts, but doing so could jeopardise the company’s security in the long run. It’s crucial to remember that the goal is to protect the organisation’s data and assets, not just to save money.
An effective way to demonstrate business value is to understand the ‘kill chain’ of a business. Most CISOs are very familiar with the technical concept of the cyber kill chain in cybersecurity, but it’s important to also understand the impact a cyberattack can have on critical operations and the revenue or reputation loss that may result from it. CISOs should keep the assets or data being protected top of mind, ensuring they are prioritised according to the business value kill chain. Place a higher focus on risk management tools for assets and data that have a critical impact on business operations.
The CISO should keep in mind a holistic approach when considering the benefits of the solutions. When discussing secure access, for instance, the deployment of authentication technologies could seem like a change of behaviour in the eyes of users who are only exposed to VPN once a day. However, the overall benefit
