by Bret Bergman
Contributing Editor

CISO New Year’s Resolutions…is 2020 the year your organization finally makes security a business driver? And how would you know?

It’s usually right about now when my New Year’s resolutions start to waver. So I thought it would be a good time for all of us in cyber to take stock of how we’re doing so far in 2020. This article from Dark Reading offers a good place to start:

1. Resolve to Make Security a Business Driver

2. Resolve to Prioritize Privacy

3. Resolve to Focus on the Human Side of Security

4. Resolve to Be Agile

5. Resolve to Get Better Visibility into Data and Systems

6. Resolve to Make Security (at Least a Little) Fun

I’m going to highlight resolution one but encourage you to read the entire article.

Resolve to Make Security a Business Driver

As usual, my focus is on industrial companies. The “business driver” problem is most acute in industrial sectors. One of the main reasons security is not a business driver in many organizations is well articulated by Jason Haward-Grau, CISO at PAS Global …. “Infosec is often put in as a reason not to do something or, worse, an inhibitor of great ideas to drive the business forward. 2020 is the year that we should really seek to embed the security enablement process into the business. In 2020, I want to ensure infosec is fully embedded into the business value chain.” I couldn’t agree more. But how?

Briefly, here are three steps to take:

  • Position cyber as a business enabler (rather than just a risk reducer)
  • Partner with your COO on delivering the enablement message
  • Ensure cyber is formally part of all relevant approval processes (vendor selection/procurement, capital projects, etc.)

Good luck in the rest of 2020!
