Intelligent CISO Issue 32 | Page 67

decrypting myths

Building an organisation-wide cybersecurity culture requires a radical shift in thinking

Stephen Roostan, VP EMEA at Kenna Security, explains why every question from your CEO is an opportunity to shape the security culture in your organisation, and how adopting a risk-based vulnerability management mindset offers the best opportunity for success.

When it comes to an organisation's data security, what should a CISO's top priority be, both now and in the future? A joint study by PwC and Harvard Business Review asked over 200 business executives across Europe and North America exactly that, and the responses revealed some interesting insights.

According to respondents, the current focus for CISOs is on more tactical activities such as 'building and maintaining threat-resistant systems' (56%) and 'identifying potential external threat factors' (51%). Even though this research was carried out pre-COVID, the results were on a par with CISOs' priorities during the pandemic. In short, the focus is on the here and now. However, three years from now, respondents believe the focus should be on the much more strategic objective of 'building an organisation-wide cybersecurity culture' (63%).
For this switch in focus from tactical activities to strategic objectives to come to fruition, it will require a matching shift in the overall approach to security, one that starts in the boardroom and trickles down to every other level of the organisation over time.
Seize every opportunity to drive change
When it comes to reshaping the security culture of an organisation, CISOs must use every question from their CEO as an opportunity to drive change. One of the best ways to do this is by adopting a risk-based vulnerability management (RBVM) approach to answering such questions, which will not only enable CISOs to deliver more strategic value whenever possible, but also encourage executives to think a bit more about the questions they ask going forward.
What is RBVM?
RBVM is a cybersecurity strategy in which organisations prioritise remediation of software vulnerabilities according to the risk they pose to the organisation. The need for RBVM is
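To make the difference between severity-based and risk-based prioritisation concrete, here is an added illustration that is not part of the article and is not Kenna Security's scoring model. It uses an assumed, deliberately simple risk model: likelihood is derived from the CVSS base score, scaled by evidence of exploitation (in-the-wild activity, public exploit code) and by how exposed the affected asset is; impact is the asset's business criticality. The vulnerability records, weights and identifiers (V1 to V4) are constructed for the example.

```python
"""Added example: ranking the same findings by CVSS alone versus by
organisational risk. The weights below are assumptions for illustration,
not a published or vendor scoring model."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Vuln:
    vid: str                 # constructed identifier, not a real CVE
    cvss: float              # CVSS base score, 0.0 - 10.0
    exploited_in_wild: bool  # evidence of active exploitation
    public_exploit: bool     # working exploit code is publicly available
    asset_exposure: str      # "internet", "internal" or "isolated"
    asset_criticality: int   # 1 (low value) .. 5 (business critical)


# Assumed weights: how reachable the asset is from an attacker's position.
EXPOSURE_WEIGHT = {"internet": 1.0, "internal": 0.6, "isolated": 0.3}


def likelihood(v: Vuln) -> float:
    """Probability-like score in [0, 1] that this finding is actually exploited."""
    base = v.cvss / 10.0
    if v.exploited_in_wild:
        exploit_factor = 1.0      # attackers are already using it
    elif v.public_exploit:
        exploit_factor = 0.7      # low effort for an attacker to weaponise
    else:
        exploit_factor = 0.3      # theoretical until proven otherwise
    return base * exploit_factor * EXPOSURE_WEIGHT[v.asset_exposure]


def risk_score(v: Vuln) -> float:
    """Risk = likelihood x impact, scaled to 0-100 for readability."""
    impact = v.asset_criticality / 5.0
    return round(100.0 * likelihood(v) * impact, 1)


def prioritise(vulns: list[Vuln], by: str = "risk") -> list[Vuln]:
    """Return findings ordered for remediation, highest priority first."""
    if by == "risk":
        return sorted(vulns, key=risk_score, reverse=True)
    if by == "cvss":
        return sorted(vulns, key=lambda v: v.cvss, reverse=True)
    raise ValueError(f"unknown ordering: {by}")


def ranking(vulns: list[Vuln], by: str = "risk") -> list[str]:
    """Identifiers only, in remediation order (convenient for comparison)."""
    return [v.vid for v in prioritise(vulns, by)]


# Constructed sample findings for the example.
SAMPLE = [
    Vuln("V1", 9.8, False, False, "isolated", 1),   # critical CVSS, dormant lab box
    Vuln("V2", 7.5, True, True, "internet", 5),     # actively exploited, crown jewel
    Vuln("V3", 8.8, False, True, "internal", 4),    # public exploit, internal server
    Vuln("V4", 5.3, True, False, "internet", 3),    # medium CVSS but exploited, exposed
]


if __name__ == "__main__":
    print("By CVSS alone :", ranking(SAMPLE, "cvss"))
    print("By risk       :", ranking(SAMPLE, "risk"))
    for v in prioritise(SAMPLE, "risk"):
        print(f"  {v.vid}: cvss={v.cvss:>4}  risk={risk_score(v):>5}")
```

Under CVSS alone the dormant V1 would be patched first and the actively exploited, internet-facing V4 last; under the risk ordering V2 and V4 move to the top and V1 drops to the bottom. The point for a CISO answering "have we fixed all the criticals?" is that the answer depends on which ordering the organisation has agreed to use, and that conversation is where the cultural shift the article describes begins.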