Intelligent CISO Issue 73 | Page 73

end-point

ANALYSIS

of cybersecurity within the EU. Under this directive, businesses identified by the member states as operators of essential services – including key digital providers such as search engines, cloud computing services and online marketplaces – now have to take appropriate security measures and notify relevant national authorities of serious incidents.
Trying to ensure an organisation’s cybersecurity posture complies with these regulatory environments could be its own full-time job. Part of the challenge CISOs face is knowing how to get the board to understand what the real risk to the organisation is and avoiding any moments of panic that board members so often experience when threat risk is communicated too late or without a recovery plan in place. With the pace of regulatory change not likely to slow, the ability of CISOs to communicate upwards will be vital for continued business success.
Communicating sideways
As cybersecurity’s importance has risen through the organisation, so too has the stature of those in charge of it. With C in their title, the CISO is already a business leader – that hurdle has been jumped. But with this, sideways communication has become essential.
The CISO has a wide-ranging responsibility: accountability for the security of the whole business as well as every digital identity, device and system within it. If the security of any of these elements were to fail or be put at risk, the organisation would be in jeopardy and business stability impacted. It is rare, however, that a CISO will directly deliver on this accountability. This is because whoever within the business owns the endpoint (devices, system, monitoring and management) is ultimately responsible for delivering its security. Often, this falls under the Chief Information Officer, but other C-suite members are also getting in on the act as technology becomes more central to their operations.
To account for this, CISOs need to communicate with their C-suite counterparts about their shared responsibility and agreed goals. They must also combine this with storytelling, negotiation and selling to ensure their engagement in the vision and mission at hand. It is only through this that CISOs can build the depth of relationships needed
Marc Lueck, CISO EMEA Zscaler