Intelligent CISO Issue 32 | Page 69

CISOs must use every question from their CEO as an opportunity to drive change. www.intelligentciso.com
decrypting myths
and efficiently if you aren’t careful. The key to doing so is keeping the necessary information close to hand, whether through a data warehouse, proprietary security dashboard or similar. Knowing where and how to find the right information is crucial here.
Where can we get the biggest return on investment from a security perspective?
This kind of question is a dream come true for many CISOs because it shows that the CEO is potentially willing to make an investment in security if the returns are good enough. In addition to justifying new investment in terms of securing against the losses that could be incurred by a breach, being able to demonstrate measurable ROI is a compelling combination. For example, being able to explain to the CEO how the automation and application of data science can increase the accuracy and efficiency of fixing vulnerabilities, therefore saving time and costs for the IT team, has got to be a winning argument.
How does our security risk stack up against our competitors?
This is a question that comes up time and time again at a board level, often due to the difficulty that many executives can have in measuring their own efforts when it comes to security.
Access to industry benchmarking is key to answering this line of questioning. Many modern risk management tools now contain great benchmarking features that can provide the information needed. Alternatively, participating in industry focused groups and organisations can also help you keep tabs on what competitors are up to. However, it’s important to remember that at the end of the day, the only security programme that matters is your own.
Ultimately, when it comes to security, all any CEO really wants to know is if the business is secure and protected from cyberthreats. While the answer to this is rarely black and white, approaches such as RBVM help provide fact-based answers, steer future conversations, drive cultural change and with luck, unlock future budget increases along the way.
Stephen Roostan, VP EMEA at Kenna Security
