Seven traps organisations fall into over cyber security - TEISS

While presenting Verizon’s Payment Security Report, head of Continental Europe Advisory Services GRC/PCI Gabriel Leperlier outlined seven traps that organisations fall into when building their cyber security capabilities.


1. The CISO leaves


It’s never good when a key team member leaves, and the CISO is no exception. CISOs often carry an enormous amount of tacit knowledge about systems and risks in their heads, on top of the explicit knowledge written down in processes, playbooks and the like. Yet CISOs regularly leave, on average after just 26 months.


Why? They are often the fall guy if there is a breach, and get sacked (even if it’s not their fault). Or they might be sacked for being too strict and becoming an obstacle to people getting their work done (if that happens it is almost certainly because they are being told to achieve the impossible). Or they get poached by another organisation: when it comes to CISOs, supply doesn’t meet demand, so there will always be competition for them.


2. The CISO is underqualified


All too often cyber security isn’t seen as a strategic priority. It’s a “have to have” rather than a “want to have”, so employing a CISO becomes a box-ticking exercise. As a result the CISO (and the support around them) is under-resourced, and low pay will generally mean low skills.


Another problem is the nature of the job description. People who don’t understand cyber security are likely to focus on requiring specific technical skills, without realising that the job is a wide one, needing a range of techn ..