I wonder how many CISOs or individuals in a similar role go to the board with bowl in hand to ask for more? More of what, you might ask? Budget, of course! And how many times are they challenged?
CISOs today are under a great amount of pressure to meet business objectives like protecting a company’s reputation, implementing innovative technologies to help the business and opening up their networks to enable B2B trading. Demonstrating return on investment, particularly in security, is a real challenge which even the most talented security teams struggle with. Many CISOs are simply not even listing their daily activities and translating them to how they protect the business.
It seems to me that the role of the CISO is changing. The security industry and analysts have alluded to this in the past: the CISO has to truly grasp the business objectives and be able to demonstrate how his role and team are meeting these objectives. This has no ROI, but it does demonstrate value to the business in helping protect key corporate assets, such as reputation. How many times have we heard ‘the security team said no’? The reality is the business will still go ahead with a solution regardless of security. The CISO’s role increasingly becomes devalued and marginalized. To exacerbate the problem, most CISOs don’t publicize positive security-and-risk-related developments. Thus, senior executives end up with an unbalanced, unduly negative view of the CISO and of the organization’s security posture.
Quite often CISOs have risen up the ranks from a technical IT role and don’t have the interdepartmental relationships so vital to this role to gain respect and influence. Business skills and communication are another vital requirement to succeed; technical skills are important, but the new role must be able to translate this to business terms and show how the security investment brings value to the business.
If you want to learn how to transform this role from a CISO to a Business Security Officer, then read my next blog on some simple steps for getting that next budget approved.