It feels like a new era (and a new decade), so what can you do to create success in your new role as a CISO?
We’ve listed five tried and tested tasks that will not only make your life easier but also showcase your skills and those of your team within your organisation:
1. Undertake a security maturity assessment
Let’s start with the most important thing you can do to make a difference in your business – a security assessment.
It’s important to understand your level of compliance against standards such as ISO 27001, PCI or ISM. Aligning with industry best practices to locate and assess security risks through a Security Testing and Architectural Assessment Framework will help you understand where your business currently stands and the direction you'd need to take to improve your overall security posture.
2. Identify your organisation’s security gaps
There are a number of questions you should ask when creating a plan to tackle your organisation’s security.
The most important questions are: What are your weaknesses? How could an attacker gain control of your systems or data? Do you have the skills in-house to drive change and fill gaps?
List your vulnerabilities and patch levels so that you understand your attack surface. The ASD’s Essential Eight strategies can provide a brilliant starting point for those wanting to increase their security levels, and they help to mitigate up to 85% of targeted attacks.
Once these are down on paper, you can get busy creating a team and moving through your to-do list, starting with the quick wins.
3. Deliver quick wins (to build credibility)
Once you have a clear idea of where the work needs to be done, map a plan for endorsement from the senior management team so that you can get buy-in and get started.
Planning may include: updating core software, creating backups, implementing cloud-based storage, and establishing a patching schedule (if you don’t already have one). The plan should include any budgetary requirements and lay out any additional resourcing needed to get the job done quickly – the organisation’s continued success is at stake after all.
In the background, your team can be chipping away at any small or easy tasks to build confidence in your stakeholders and to ensure progress occurs from day one.
4. Build key stakeholder relationships
Trust is key when it comes to relationship building.
Building trust and engaging with key stakeholders will make your life easier in the long run. Business units rarely operate successfully in a silo, so it pays to take the time to get to know the CIO, CFO and other members of the business who work in alignment with your team.
Technology is so much broader than it was even five years ago, especially if you look at the platforms used by marketing, finance and HR, and that’s before we get started on warehousing and fulfilment. Close relationships will allow you to understand the needs of these groups and meet them halfway with their requests – many a business has been rocked by other departments implementing a platform that jeopardises customer and company data because they didn’t feel they needed to engage with IT first.
5. Seek out collaboration and external support
Even the largest in-house teams can have skills gaps, and with cyber security being increasingly fast-moving and difficult to stay on top of when you have a myriad of other tasks calling your name, it can all get to be a little bit too much. If this is the case in your organisation, outsourcing can be a more cost-effective and timely way to achieve your goals.
The Missing Link has a team of security experts that can step in to assist your team at any time – be it a short-term engagement for an urgent requirement or an ongoing engagement to fill a much-needed role within your business. Our team are some of the most highly qualified security specialists in the industry. With industry-certified professionals, we have one of the strongest security teams in Australia. We’re also a CREST-approved company and we’re unrelenting in our drive to do more to protect Australian businesses from cyber security threats.
There you have it – our playbook for creating success as a CISO in 2020. We’d love to hear how you get on, so send us an email or give us a call and let’s chat.