Intelligent CISO Issue 35 | Page 33

Data now forms the foundations for organisational decision-making.

PREDICTIVE INTELLIGENCE

Using automation to overcome the thorny problem of data truth for improved cybersecurity strategies

Automated and data-driven insights can be key to a CISO’s business approach and to forming an effective cybersecurity strategy. Charaka Goonatilake, CTO, Panaseer, explains why data insights set CISOs free to set tailored strategies more closely aligned to the business outcomes dictated by senior management teams.

If Tim Berners-Lee had given up when his boss wrote the words ‘vague but exciting’ on a document outlining his theory for vast interconnected data networks, today’s business world would be very different.

Thankfully, instead, these networks have spent three decades realigning the tectonic plates on which companies stand. Data now forms the foundations for organisational decision-making. In a security context, it can provide an accurate overarching picture of risk to enable more proactive and prioritised management of human, technological and procedural assets.
For senior security leaders looking to use data more effectively, aggregation and context are crucial. Only with a complete picture of all the enterprise assets, and how they are exposed, together with an understanding of how they map to an organisation’s structure and business objectives, can meaningful change be achieved.
To accomplish this grand vision, however, they need access to data in the first place. Inside large organisations, this is not always easy. In fact, it can prove a true test of the softer diplomatic and communication skills required to be a modern CISO.
This is because the necessary data often exists in a disparate set of silos across the entire organisation; a complex array of security, IT and business systems. With technology imbued in every part of business, getting a comprehensive picture is crucial.
Unfortunately, the gatekeepers of this information often initially view any request from the security team as an open challenge to their ability to operate safely. It is seen as the corporate equivalent of asking chickens to vote for Colonel Sanders. People fear deeper insights will be exploited to pass judgement on their performance.
It is somewhat ironic that personal tensions and human emotions form one of the largest barriers to getting a clearer understanding of risk – a very human problem in contrast to the calculated data-driven outcomes seeking to be achieved.
When broaching this subject, security leaders must be transparent about the intended use for the data, positioning it as a way of effecting a direction of travel for a business looking to decrease risk in the long term, in order to get buy-in from senior executives as well as their teams. The last thing such an initiative needs is to be perceived as a technical task to inventory assets or a performance management exercise.

For this reason, managing stakeholder expectations in this early phase of any such process is key. This all starts with making a compelling business case for the initiative with peers, which is as much a test of ongoing communication skills as anything.
Done effectively and couched in simple, colourful terms, it is possible to build a narrative that gradually dissolves initial reservations. Done incorrectly, however, so that it appears burdensome and like a test of capabilities, it will only lead to the digging of entrenched positions.