CISOs today are challenged to report, measure, and demonstrate return on investment to the C-suite and board. CISOs must address these success enablers, because if they don't, they become silent killers. The lack of ability to report, measure, and demonstrate ROI has been keeping CISOs from a strong and enduring relationship with the C-suite.
The following is a high-level cycle of five success enablers. The first, if successfully set up, enables the second, and onward, with the last reinforcing the first.
1. Security Goals That Don't Resonate with the C-Suite and BoardWe often hear: "Security is a journey, not a destination." That's a real problem for business executives because they're driven by results. They have a fiduciary duty to shareholders to get the most value from an investment. If CISOs have not established security goals that resonate with executives, there isn't a destination to showcase. In this way, security becomes a journey without a destination. Unfortunately, for CISOs that's often a journey to C-suite discontent and onward to a new organization.
CISOs should align their cyber resilience goals around business crown jewels. These are top-of-mind business assets that have executive and board-level significance and are clearly critical to business success. This way, it is crystal clear the value that security can provide and doesn't need to be supported with a regulatory and complex probabilistic impact argument.
2. A Strategy That Doesn't Clearly Interlink Height, Depth, and Breadth of Cyber ResilienceMost security strategies weakly establish the height, depth, and width of what we might call the "cyber resilience wall." This is an oversimplification in security terms but an easy way to connect with business leadership to agree on ke ..
Support the originator by clicking the read the rest link below.
