Intelligent CISO Issue 04 | Page 50

FEATURE
is a requisite to defend against advanced threats.
4. Understand your organisation's risk appetite: No two organisations have exactly the same relationship with risk. Gaining an understanding of how much risk, and what types of risk, your new organisation is willing to accept is critical. This information will guide your prioritisation of security initiatives, telling you what to focus on and what not to. In addition to your board of directors and CEO, your line-of-business leaders hold valuable insights on the company's risk appetite.
5. Know your role, build relationships accordingly: Relationships are critical for any executive. CISOs need to start building network connections that encompass everyone from the boardroom, to the executive team, to the various members of the network and security teams. Today's CISO must not only be fully conversant in cybertechnologies and threats but also speak the language of the business.
6. Structure the team, bring in reinforcements: All of the above factors will inform how you structure your existing team and what skills you will look for with any new hires. Unfortunately, attracting and retaining talent is expected to be an increasing challenge going forward. CISOs must quickly begin developing a talent pool of potential recruits who bring the right skills and thrive in the corporate culture.
7. Be strategic about technology investments: Given that the threat landscape, your IT environment and the direction of your business are all dynamic, your security architecture must be adaptive. A security fabric approach deploys a common set of layered security tools across the entire on-premises and cloud environment. It provides a single pane of glass from which the company's security posture at a given moment can be assessed and addressed.
8. Track, measure and report results: Objective measurement and communication of your company's security posture vis-à-vis risk tolerance and business objectives – which includes industry, governmental and security compliance – is critical to your success. An important starting point for tracking, measuring and reporting results is to align business-security initiatives with Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs).
Best practice for CISOs at SMBs
Hadi Jaafarawi, Managing Director, Qualys Middle East
SMBs often assume, wrongly, that they aren't susceptible to cyberattacks. In reality, they are more vulnerable and face greater challenges to network security due to smaller budgets, less-sophisticated infrastructure and a lack of security personnel.
Therefore, it's crucial for SMBs to be smart about defensive choices and focus on what matters most.
Instead of thinking of the security budget in terms of cost, understanding the risk associated with a potential cyberattack is the first step towards a strong cybersecurity posture.
Chief Information Security Officers (CISOs) need to gain an understanding of the types of threats that target their company, the weaknesses that exist within their current infrastructure, the vital business assets that require protection and the level of protection each requires.
This security assessment provides a comprehensive security baseline. It helps CISOs select a straightforward and comprehensive solution that continuously assesses their security posture, complies with and responds to ever-changing regulations and security threats, and helps build a solid and secure IT environment without the hassle and cost of deploying point solutions.
Qualys makes it possible for businesses to strengthen the security of their networks and applications with their continuous security and compliance management solutions.
The newly introduced Qualys Community Edition, a free cloud-based service, gives small organisations unified visibility of their own or their clients' IT and web assets.
It also allows users to leverage the power of the Qualys Cloud Platform, which performs billions of scans annually to automatically gather and analyse security and compliance data from hybrid IT environments.
This accurate and immediate visibility helps organisations maintain a higher level of security and provides auditors with trusted compliance reports, while consolidating their stack and drastically reducing costs.
Furthermore, the importance of providing information security awareness training to employees cannot be overstated. A security awareness programme gives employees the knowledge they need to better protect the organisation's information through proactive, security-conscious behaviour.
Employees should gain a basic understanding of security policies as well as their respective responsibilities in protecting personal and business assets.
To be effective, CISOs should implement an ongoing security awareness programme that includes continuous training, communication and reinforcement.