For a security program to be successful, organizations must view security as a business enabler and not as a roadblock.
This requires CISOs to help the C-suite and members of the board understand the role of security and why it's important they are aware of cyber-risks and threats.
In this Ask the Expert, John Hellickson, managing director of global strategy and governance at Kudelski Security, offers tips on how CISOs can become business enablers. Hellickson explains that it's imperative for CISOs to cultivate knowledge about their organization's objectives, challenges and processes to help steer valuable conversations about cybersecurity. He also stresses the need to include executive leadership when crafting a long-term cybersecurity strategy.
In what ways can a CISO become a business enabler?
John Hellickson: The first thing that comes to mind is to fully understand the organization's strategic goals and mission, along with the business responsibilities and challenges each C-suite and executive leader has on a day-to-day basis.
The CISO should realize that every C-suite member has a different perspective about top risks for the organization and shouldn't assume that cybersecurity trumps all other risks. If the CISO understands the key products and business processes, and how their security controls enhance or ensure availability of those products and processes, they could have richer and more meaningful conversations with those business leaders to pave the way for future support when security initiatives may have an impact on people or processes of that business leader's organization.
Another often overlooked element is the transparency of the cybersecurity program and its multiyear strategy. Providing C-suite members the opportunity to share their top challenges and concerns, as well as their thoughts on cybersecurity prior to developing a multiyear cybersecurity roadmap is crucial, even if their input doesn't have a material impact on that roadmap. Linking cybersecurity initiatives to business outcomes that provide value beyond just protecting the organization, while helping the organization achieve its goals and objectives, is an easy way to demonstrate business alignment and value.
Related Q&A from Mekhala Roy