How can the CISO become a business enabler?
For a cybersecurity program to be effective, CISOs must be viewed as business enablers. Kudelski Security's John Hellickson offers tips on how CISOs can make the transformation.
For a security program to be successful, organizations must view security as a business enabler and not as a roadblock. This requires CISOs to help the C-suite and members of the board understand the role of security and why it's important they are aware of cyber-risks and threats.
In this Ask the Expert, John Hellickson, managing director of global strategy and governance at Kudelski Security, offers tips on how CISOs can become business enablers. Hellickson explains that it's imperative for CISOs to cultivate knowledge about their organization's objectives, challenges and processes to help steer valuable conversations about cybersecurity. He also stresses the need to include executive leadership when crafting a long-term cybersecurity strategy.
In what ways can a CISO become a business enabler?
John Hellickson: The first thing that comes to mind is to fully understand the organization's strategic goals and mission, along with the business responsibilities and challenges each C-suite and executive leader has on a day-to-day basis.
The CISO should realize that every C-suite member has a different perspective about top risks for the organization and shouldn't assume that cybersecurity trumps all other risks. If the CISO understands the key products and business processes, and how their security controls enhance or ensure availability of those products and processes, they could have more rich and meaningful conversations with those business leaders to pave the way for future support when security initiatives may have an impact on people or processes of that business leader's organization.
Another often overlooked element is the transparency of the cybersecurity program and its multiyear strategy. Providing C-suite members the opportunity to share their top challenges and concerns, as well as their thoughts on cybersecurity, prior to developing a multiyear cybersecurity roadmap is crucial, even if their input doesn't have a material impact on that roadmap. Linking cybersecurity initiatives to business outcomes that provide value beyond just protecting the organization, while helping the organization achieve its goals and objectives, is an easy way to demonstrate business alignment and value.