As chief cybersecurity advisor, I regularly receive requests from recruiters working in the field. Acknowledging the economic forces at play, I appreciate that global demand for cyber professionals exceeds supply. Add to this the increasing rate of organizational breaches and explosion in technology and online services, and it is easy to see why demand has spiked.
All of these factors have no doubt fueled a boom in the cybersecurity industry, bringing with it the problem of questionable leadership. There are those who aspire to be cyber professionals, who may even have an IT background but do not have the necessary knowledge, experience, training and time at the coal face in cyber roles. Put simply, they lack good pedigree. The next time someone wants to talk to you about “risk,” ask them if they have ever conducted a threat risk assessment or managed incident response. More than likely, the answer is no.
How do we get the right cyber leadership?
Let’s first consider this through recruitment of a key cyber role — the CISO (chief information security officer).
Recruitment needs to start with well-constructed job descriptions and criteria. CISOs need to be able to develop and set strategic direction for cyber risk and information security. Their areas of responsibility should include:
1. Risk management/risk culture.
2. Documentation standards.
3. Relationships and communication — in particular, with senior management and industry.
4. Incident response and business continuity.
5. Third party management.
6. Compliance activities.
7. Technical capability and delivery.
A must-have requirement is the ability to maintain a current understanding of the cyber threat environment for their industry and related laws and regulations and the ability to translate that knowledge to identify risk and develop actionable plans to protect the business.
The post Cybersecurity And The New CISO: The Leadership Enigma appeared first on Statii News.
source http://news.statii.co.uk/cybersecurity-and-the-new-ciso-the-leadership-enigma/
No comments:
Post a Comment