The rise of the token CISO – Digitalmunition

Ian Hill, Global Director of Cybersecurity at Royal BAM Group, shares his recent disturbing experience with fellow experts, claiming that some CISOs do not truly understand the nature of their role.

I have been honored to be invited recently as an expert panelist to several industry events on a variety of important cyber and information security topics. At one of them, just before the panel went live, I had a pretty strange experience that made me think. It was a virtual panel consisting of a moderator, a producer, and four panelists. The fourth panelist was late and finally arrived after being chased by the producer. But what happened next was quite strange. Because of the late arrival, the producer tried to explain, but before the producer had finished, the panelist, looking at the screen, said, “I don’t know the two panelists. I’m not happy with this, I’m bugging out.” As a result, the CISO of a very large multinational corporation (whose name remains unknown), not knowing two other qualified panelists with extensive information and cybersecurity experience, withdrew just before it went live.

I was disappointed to witness such an arrogant and rude outburst from a well-known peer. It is not suitable for our profession or the subject that others are working hard to claim. I didn’t know the other two panelists either, but I’m honored to be able to work with them and share their knowledge and experience to discuss very important topics. That is the point. These are dark times, and ego and over-inflated self-importance can cloud judgment and impair openness and dialogue. In reality, CISOs need to be ambassadors, evangelists, thought leaders, collaborators, and inspiring motivators.

This is not the first time senior security professionals have encountered this type of behavior, and often it comes from individuals who have somehow fallen into that role and do not understand or value their responsibilities. The role has changed and now usually covers a wider area:
・ Security operations
・ Cyber risk and cyber intelligence
・ Data loss and fraud prevention
・ Security architecture
・ Governance

CISOs require strong leadership skills, but more importantly they need a solid understanding of information technology and security, the ability to communicate the subject at both technical and non-technical levels, and at the same time good experience in risk management. They are also expected to have extensive IT and security work experience and a CISSP (Certified Information Systems Security Professional) and/or CISM (Certified Information Security Manager) qualification.

Not only that, there are currently several types of CISOs, and the top six that are generally accepted are:

・ CISO that brings about change
・ CISO after violation
・ Tactical / operational expert CISO
・ Compliance and risk leader
・ Steady state CISO
・ Customer-friendly evangelist

All of these require advanced skills and abilities, but now token CISOs are on the rise. Many have progressed from an IT background or through governance, risk, and compliance, but others have simply been assigned roles. As more and more companies recognize the importance of information security, the recent focus on supply chain risks, and the scrutiny of how information assets are protected, they do not fully understand their importance. You need to find a company that plays a role.

Choosing the right type of CISO is an important decision and reduces business risk. Simply assigning inexperienced people to important roles is risky. A middle manager would not be promoted from the Human Resources department to the CFO role. This requires a high degree of accounting experience and qualifications, and the same applies to information security.

I remember chatting with a token CISO at a meeting a few years ago. He argued that he didn’t need a “piece of paper” to prove he could do the job. It doesn’t really matter.
Both CISSP and CISM are proof of competence and knowledge, the same as ACCA and CIMA are for accounting. A quick scan of LinkedIn shows that more and more companies are assigning new CISOs or information security officers from internal staff who have little or no experience in security, or even in IT or risk.

In today’s connected age, the role of the CISO is as important as the CFO or CTO, and it is often discussed whom the CISO reports to, usually the CIO, but the general consensus is that the CISO is just one level removed from the Board (or CEO).

The role of CISOs is constantly evolving as the business world is constantly changing and adapting to more threatening threat situations. For large companies, the role of CISOs is now a must, and their choice is an important decision, not just to meet customer and compliance requirements.