Intelligent CISO Issue 13 | Page 64

changes really need to be made. The technical specifics of security are still obscure to most, so how can you educate key stakeholders about what you are doing to keep the enterprise secure; attaining the buy in, budget and support you need to make real change? Knowledge is power Still, none of these stages can be completed without one key component: an understanding of your organisation’s traffic and the interactions of its systems, users and applications. Getting assistance from outside can help you here. Penetration tests, for 64 example, can help you understand your strengths, weaknesses and perhaps most importantly, your blind spots. It also provides a great live fire test for your real-world response goals. This gives you the opportunity to discover, for example, how quickly you’d be able to file a breach report under the GDPR’s 72-hour notification window. Participating in exercises like this will help staff expand their skills and cognisance of security issues. Moreover, it will help bring other parts of an organisation into the discussion, giving them a stake in your long-term security plans. The kind of support you can get from such cross pollination CISOs are not sergeants. They’re generals. Their job is not to fight battles, it’s to win wars. across the enterprise will strengthen your case when it comes to getting projects approved. Those external assessments should be supplemented with internally executed Issue 13 | www.intelligentciso.com