expert
OPINION
Perhaps the most crucial role of the CISO is to rank cyberrisks by order of actual impact .
component of these practices . More than ever , getting your board on board with cybersecurity risk is key today .
Mitigate risks
In the past , resilience was more of a technical concept . It was about bringing back the servers . Today , it is a legal requirement documented by an auditable plan . We have moved from a series of technical steps to a contractual re-establishment of critical services .
Four types of considerations underpin these plans :
• Prioritised recovery : A very delicate ranking that can only be established through a
regular exchange between the board and the operations team . The board ’ s sign-off is crucial here . Otherwise , who would ever qualify their own activity as non-critical ? However difficult to establish , this ranking is truly a fascinating exercise that brings the CISO and team to the heart of the business .
• Defending strategies : Assessing the right combination of products , services , staffing and processes is crucial . Less is more in this matter . After years of accumulation , cyber-officers have realised the hard way that a maelstrom of products and vendors was not very efficient . The next era of security will happen via convergence , not addition .
• Offer options : This is about providing information and an array of solutions in which ,
42 WWW . INTELLIGENTCISO . COM