bad news as a stranger. Proper alignment
creates familiarity and visibility, which
can go a long way when the security
budget wheels need greasing or fast,
decisive action is required. Equally, it’s
also important for senior executives to
remember that the CISO is rarely the
only casualty of a major security breach.
Strong alignment benefits everyone.
Agree on a definition of success for both
the programme and the CISO.

Lacklustre C-suite support and
visibility when/where it counts

When recruiting a new CISO, companies
must be direct and open about the
anticipated support the CISO office is
likely to receive.
They should also provide real visibility
into policies and budgets, which
doesn’t always happen. Potential CISOs
should look at organisational reporting
structure for clues as to how security
is regarded internally. Often, details
such as whether they are expected to
report to the leadership team or IT can
be strong indicators of the real attitude
towards security.
After all, a chain is no stronger than its
weakest link and without appropriate
support from the top, a new CISO will
face an uphill battle from the beginning.
Also remember that while budget
doesn’t equal cooperation, cooperation
is essential for positive results –
especially from teams that control the
deployment of technology and the
adoption of controls.
For CISOs to succeed in today’s hostile
security climate, they must be able to
identify and address as many of the
potential pitfalls surrounding them as
possible, both internally and externally.
Doing so helps minimise the chance of
unwelcome ‘nasty surprises’, which often
only appear at the most inopportune
moments. Unfortunately, many CISOs fail
to do this, making what’s already a hard
and stressful job almost impossible.
This article looked at three of the
most commonly overlooked pitfalls,
all of which can be easily resolved
through due diligence and effective
communication but, if left unchecked, can
quickly prove a CISO’s undoing.
By addressing these challenges head on
and leaving nothing to chance, a savvy
CISO can quickly find themselves as an
outlier in the average tenure statistics.