Influencing the Board – A CSO View. Paul Wood MBE, Group Chief Security Officer. Agenda: Some comments for Thought; You and Your Credibility; Getting Face Time – Align to the Business Case; Thoughts and Considerations – The Reality; Top Level Buy in and Messaging.
Influencing the Board – A CSO View
Paul Wood MBE, Group Chief Security Officer
01/04/2014 page 1
Agenda
• Some comments for Thought….
• You and Your Credibility
• Getting Face Time – Align to the Business Case
• Thoughts and Considerations – The Reality
• Top Level Buy in and Messaging
Some comments on Information Security Governance
• “The complexity and criticality of information security and its governance demand that it be elevated to the highest organizational levels. As a critical resource, information must be treated like any other asset essential to the survival and success of the organization”.
  TERRY HANCOCK, CEO, EASY I GROUP
• “The rising tide of cyber crime and threats to critical information assets mandate that boards of directors and senior executives are fully engaged at the governance level to ensure the security and integrity of those resources”.
  SHIRLEY M. HUFSTEDLER, BOARD OF DIRECTORS, HARMAN INTERNATIONAL INDUSTRIES
• Source: ISACA Document on Information Governance
  http://www.isaca.org/ContentManagement/ContentDisplay.cfm?ContentID=34997
What do the majority of your senior management think of when they think Security?
You and Your Credibility
• The position you hold and the way you are viewed within the company will inevitably impact your influence with the Board and Senior Management Team
• How you network and engage with key stakeholders in all that you do will determine the way you are judged
• One event or incident that is handled badly will destroy 10 that are handled well – this will sadly also extend to your team
• Having presence and confidence is essential, understanding your business is vital, but being pragmatic and realistic is key to your success
• Winning over the skeptics and the influencers, and knowing who has a voice that will sell your story, is where you need to invest your time
• Be honest, be political and yet be prepared to know what to fight for and what to compromise on
Business Jargon?
• Desired Business Outcomes
• Financial Outcomes
• Transparency
• KPIs
• KRIs
• Value Add
• Risk Reward versus Return
Parlez-vous Business? Don’t think so…..
Getting “Face Time” – Align to the Business Case
• Use of Threats and Scare Tactics
• The ‘Regulator’ demands or needs….
• Company A recently experienced – lessons we have learnt
• Risk Reward on Investment Return
• Focus on the Business Driver/Benefit – Not always monetary
• Aviva wants to be the most trusted insurance and savings provider
• Recognize Me! For who I am – I am not a number!
• Link Privacy to customer retention?
• Ensure and provide transparency
• Articulate the business benefits
• Be sure of your facts, be clear of your ideas, be prepared
Thoughts and Considerations – The Reality
• Be well rehearsed
• Do your prior planning and stakeholder engagement
• Try to put yourself in their shoes
• Expect to be cut short – or face a longer grilling
• Be positive and don’t run off the points
• Know your subject and your audience
• One of our Non Execs is a Technology Director at Google
• One sits on the audit committee of another financial institution
• Stick to your agenda
• Be ready to be blindsided
• If you’re wrong, admit it!
TOP LEVEL BUY IN – SELLS THE STORY FOR YOU