1 / 20

Enhancing Security Investment Buy-In for CISOs

Gain influence for security investments from the board by addressing disconnect in communication channels, conflicting agendas, and changing perception with practical resolutions and personal strategies.

mcintosh
Download Presentation

Enhancing Security Investment Buy-In for CISOs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Intro CISO Alliance - Internal use only

  2. Session prepared and presented in private capacity • My opinions don`t reflect on Truworths • Shared cases and experience depict solely my international background • No recording devices allowed Disclaimer CISO Alliance - Internal use only

  3. Buy-In How to gain influence & Buy-in for Security investment from the Board?

  4. Disconnected communication channels • Conflicting agendas • Management “doesn`t seem to get it” • Putting out fires vs. strategic proposition Challenges for CISO`s CISO Alliance - Internal use only

  5. Only 22% of CISO`s report directly to the CEO1 • 80% of Business leaders: Cyber Security = technical/compliance routine2 • 74% of C-Suite executivesagreeCISO`s ≠ Board3 Ugly Truth CISO Alliance - Internal use only

  6. FUD (Fear, Uncertainty & Doubt) • Compliance (GDPR,POPIA,PCI DSS, King IV) • ….all too often it takes a breach…. Usual remedy CISO Alliance - Internal use only

  7. FUD = Youalways bring badnews = Bad News • GDPR/POPIA = You`rethecomplianceguy = Policeman • Breach = Youweren`tabletoprotectus = Doubt UsualPerception CISO Alliance - Internal use only

  8. PracticalResolutions CISO Alliance - Internal use only

  9. Find yourcause. Defineyourcoreprinciples. 3. Letyouractionsreflectyourcause. Source: «Start withWhy» S. Sinek, 2009 1. Putting out fires vs. strategic proposition CISO Alliance - Internal use only

  10. Treatyour Department asyourowncompany. Improveyourbusinessmodel Source: Strategyzer (https://www.strategyzer.com/training/courses/mastering-business-models) 1. Putting out fires vs. strategic proposition CISO Alliance - Internal use only

  11. Understandyourcustomer Mapyour Value proposition Source: Strategyzer (https://www.strategyzer.com/training/courses/mastering-value-propositions) 1. Putting out fires vs. strategic proposition CISO Alliance - Internal use only

  12. Talk risk not Cyber Security • Howwellareyoumanagingyourriskposture? • Technical debt – ongoinganalysisoflegacysystems • Whycertainriskswhereacceptable = businessbenefit • Whatisthegovernancestructure? • Howdidyousetupand manage securitycontrols/tools • Howareyourpreparingforthefuture? • Howareyouravoiding additional debtsanddeficits? • Howareyouenablingbusiness? 2. Management “doesn`t seem to get it” CISO Alliance - Internal use only

  13. Makeit «personal» • Phishyour C-Suite (theoretically) • Social Media Do`s and Dont`s (privacy settings, etc.) • Developsecurityguidesforhomeenvironment • parental control, ACL`s, MAC AddressFiltering, etc. • Offerguidance on cloudservices (e.g. Evernote) • Crash course in mobile security 2. Management “doesn`t seem to get it” CISO Alliance - Internal use only

  14. Ignite the conversation • Create «CISO Lunch» • Quarterly Security Updates • HaveyourownIntra – Social – Media Channel • Coffee – Breaks with Marketing/Data-Analysts 3. Disconnected communication channels CISO Alliance - Internal use only

  15. TRUST • createlonglasting positive businessrelationships Elements of Trust5 3. Disconnected communication channels CISO Alliance - Internal use only

  16. «Ifyoucan`tbeatthem – jointhem.» • Big Data • Cloud Security • Future Workplace (aka Digital Transformation) • AI/Machine Learning • Key Projects 4. Conflicting agendas CISO Alliance - Internal use only

  17. Know what you are standing for (Value Proposition) • Research your customers‘ jobs, pains & gains match it with VP • Speak the language of your customer • Be your own twitter • Join the Team  Key Take Aways CISO Alliance - Internal use only

  18. Thank You Christine Fahlberg IT Security Manager CISO Alliance - Internal use only

  19. What are the most common main objections you’re facing when trying to obtain buy-in? CISO Alliance - Internal use only

  20. Jody R. Westby (2015),Governance of cybersecurity: 2015 report, Georgia Tech Information Security Center • Deloitte CISO Labs data, 2015 • ThreatTrack Security Inc., No respect: Chief information security officers misunderstood and underappreciated by their C-level peers, June–July 2014 • World Economic Forum in collaboration with Deloitte, Partnering for cyber resilience: Towards the quantification of cyber threats, January 2015 • ZAND, D. (1997). The Leadership Triad. Oxford University Press Annex CISO Alliance - Internal use only

More Related