Modern field guide to security and privacy

History is repeating itself (in a good way)

Much like CFOs before them, CISOs are now becoming boardroom mainstays.


Before Sarbanes-Oxley passed in 2002, having a director who was a financial expert in the American corporate boardroom was not the norm. In fact, CFOs, who were originally thought of as financial gatekeepers, are now held accountable more than ever before for the integrity, accuracy and traceability of the financial information presented to the board. Today, we all know that financial risk is managed across the entire business.

We are now seeing that same transformation in cybersecurity.

With the increase in industry regulations coupled with a steady stream of high-profile data breaches, CISOs are becoming boardroom mainstays, expected to present traceable, understandable and accurate cybersecurity risk information to enterprise leaders.

While the transformation spans the gamut of industries, it has become front and center among financial companies, where new regulations and guidelines have surfaced, such as the newly revised New York State cybersecurity requirements and the Group of Seven (G7) cybersecurity guidelines, in addition to the string of cyberattacks against banks such as the Bangladesh Bank, Ecuadorian and Ukrainian banks, and the Russian Central Bank.

Financial companies are feeling the pressure to make cybersecurity a top business priority that’s on the same level as, if not higher than, other operational risks.

While boards want to hear from the CISOs on a regular basis, they don’t want to hear about the latest firewall purchase or the number of vulnerabilities that were patched. They want to learn about the company’s cybersecurity program in a language they understand – risk – and how cybersecurity risk maps to dollars and cents. 

Measuring the financial impact of cybersecurity risk and prioritizing remediation efforts so that the most impactful security exposures are tackled first should be top of mind for CISOs.

This requires knowing where their most valuable assets live and having the capabilities to distinguish real threats and associated vulnerabilities from noise. The concept of accurately attaching a potential financial loss amount to applications at risk is not an easy one, but it is a critical success factor for the 2017 CISO.

If CISOs in the financial industry want to swim ahead of the changing tide, they need to speak the board’s language. They need to understand where their most valued assets exist and what threats and vulnerabilities those assets face, and then map the financial impact at stake. Their assessment will need to be based on actual conditions detected in their environment, with actions prioritized by remediating the threats and vulnerabilities that reduce the value at risk the most.

Not only does this approach enable enterprises to direct their limited resources at their biggest problems, it also arms them with actual financial impact metrics to present to the board. They can show the potential loss they saved the company by taking certain actions, and can assist board members in making effective investment and budget allocation decisions based on the most impactful cybersecurity risks.

Board members are increasingly relying on CISOs to present cybersecurity risk information in the language of risk, mapped to the company’s business imperatives and to the board’s risk tolerance. At this time next year, CISOs being boardroom mainstays will be far from novel.

