The Business-Minded CISO
eBook - ePub

The Business-Minded CISO

How to Organize, Evangelize, and Operate an Enterprise-wide IT Risk Management Program

Bryan C. Kissinger

  1. 142 pages
  2. English
  3. ePUB (mobile-friendly)
  4. Available on iOS and Android

About this book

Information technology (IT) risk and information security management are top of mind for corporate boards and senior business leaders. Continued intensity of cyber terrorism attacks, regulatory and compliance requirements, and customer privacy concerns are driving the need for a business-minded chief information security officer (CISO) to lead organizational efforts to protect critical infrastructure and sensitive data. A CISO must be able to both develop a practical program aligned with overall business goals and objectives and evangelize this plan with key stakeholders across the organization. The modern CISO cannot sit in a bunker somewhere in the IT operations center and expect to achieve buy in and support for the activities required to operate a program.

This book describes the thought process and specific activities a leader should consider as they interview for the IT risk/information security leader role, what they should do within their first 90 days, and how to organize, evangelize, and operate the program once they are into the job. It provides practical, tested strategies for designing your program and guidance to help you be successful long term. It is chock full of examples, case studies, and diagrams right out of real corporate information security programs. The Business-Minded Chief Information Security Officer is a handbook for success as you begin this important position within any company.


Information

Year
2020
ISBN
9781951527518
Subtopic
IT Industry
CHAPTER 1
Before You Take the Job
You’re likely reading this book because you are either interested in becoming a CISO/IT Risk Leader, you have accepted a job offer in this role, or you are trying to figure out how to do the job now that you are in the role. Regardless of the reason, this book will help you.
There are several key criteria you should evaluate as you enter this level of a role and leadership position within any organization.
Understand the Industry/Company with Whom You Are Interviewing
The CISO/IT Risk Management leader role can vary greatly depending on the industry and specific company in which you are looking to work. Historically, the financial services and retail industries have had the most mature security and IT risk functions. The digitization and consumerization of financial, credit card, and banking data has forced those industries to invest heavily in people, processes, and technology whereas other industries are now playing catch up.
In an interview, you will likely be asked what your industry and market are facing in terms of specific risks and threat vectors, and how your competitors are addressing them; you will have to answer these questions even if you are new to the role. Even as a seasoned CISO, your governing board and other C-level executives will want to understand, on an ongoing basis, how your industry and company compare to others. Certain industries—the health care industry for example—truly value prior experience with IT risk and security leadership roles with other health care organizations. The culture of most health care organizations differs from other industries in that patient care and system functionality and interoperability trump security almost always. That doesn’t mean you can’t implement a secure environment; it merely means that as the IT risk and security leader, you will need to be cognizant of this philosophy when answering interview questions or later building the program. There are many useful references for learning the trends in IT risk and security for various industries. Gartner, Inc. (“Gartner”) and others publish annual reports on leading trends by industry and technology. For example, the increasing mobility and consumerization of data is a major trend in the health care industry that is dramatically impacting the delivery of and access to information systems.
Prior to interviewing for any position, make sure you thoroughly research the company online. A company’s website is usually a great source of demographic information, information about key leaders and the governing body, and the mission and vision strategy. You will also want to know the local market and national competitors/comparable organizations. If interviewing at a large retailer, you will want to demonstrate that you understand how other large retailers think about risk and security and whether they have had any notable public issues worth mentioning. During one CISO job interview, I was asked how the health care industry differed from other industries and what my philosophy was on the security-versus-functionality argument. This is a question for which you want to have a ready answer; otherwise, you will appear to be inexperienced and lacking strategic vision. For example, I was asked, “How do you adjust your approach to securing clinical environments when access and functionality are the most critical facets of technology support?” to which I replied,
Making systems more secure doesn’t have to necessarily make them harder to use. In another health care setting, I was able to implement proximity card access badges for clinicians which logged them in and out to their systems automatically depending on their distance from the work station. This actually made their workflow more efficient and achieved the security objectives I was seeking.
Another great source of industry and corporate information is colleagues within your network. Be aggressive about asking acquaintances about the industry you are entering. If you are fortunate enough to know someone at the company where you are interviewing, ask them about the culture, the challenges, and major initiatives being pursued. This research and preparation will set you apart from every other candidate. It also shows your interest and passion for the role.
Because of the title of this book, I would be remiss if I didn’t advise you to think like a “business person.” Going into the interview or the new role, you should decide which sort of CISO/IT risk management leader you are. In my experience, almost no one is both deeply technical and deeply business savvy. Most CISOs identify as being one or the other: either very technical (often the types that lead technical companies or product security groups) or more business leaning where they understand IT and information security relatively well yet have a closer affinity to translating technical concepts for business and operations teams. For the latter, think “business liaison working within IT.” Knowing who you are and having a clear identity is important at the outset. You may find during the interview process or in early days on the job that certain stakeholders value one or the other type of CISO/IT risk management leader. Your ability to secure the job and perform successfully will likely be dependent on what sort of CISO/IT risk management leader your organization is looking for and how it aligns with the culture and organizational structure.
Lastly, have a personality, both at your interviews and in your job. I have found success in these roles by having a sense of humor and generally being able to relate to all levels of employees and many functions across the enterprise. No matter how important you think information security and IT risk management is, it is not as top of mind or as critical to the CFO, internal audit, physicians, and frontline staff. Success at getting the job and being successful in the job will be directly related to the relationships you are able to build and sustain (more on that later). Don’t be that nerdy IT person; it’s not the 1970s anymore. Showing up with a pocket protector and slide rule will not get you the job. Be a business-minded CISO.
Establish There Is Support for the Program: Governance Structure
You control your interview preparation, industry and company research efforts, and philosophy/personality. You do not control—at least at the outset of taking on this role—the level of support and governance structure in place for your IT risk and information security program. There is nothing wrong in asking your prospective boss—or the peers you are interviewing with—about the reputation of the existing team and whether the CIO, CFO, CEO, and governing body values and supports this work. For example, will you have a seat at IT leadership meetings? Will you be able to brief the governing body and related subcommittees directly on risks and program strategy? Are key business unit leaders supportive of this function?
Asking these questions informs your prospective boss and peers that you expect to have a high-level audience for your program. Many “CISOs” (in quotes because often they aren’t formally designated as such) have experienced less than successful outcomes because they did not have the appropriate level of visibility in the organization. There is no question that in today’s business environment, cybersecurity and IT risk topics are top of mind for corporate boards and C-level leaders. If you will be buffered by another leader, or you get the impression that support for the role and function is not strong, you may want to give this opportunity a lot of thought. It’s not impossible to succeed in such an environment, but you will need to spend a lot of your early days building business cases (I’ll show you how later in this book) and evangelizing your program....

Table of Contents

  1. Cover
  2. Halftitle
  3. Title
  4. Copyright
  5. Abstract
  6. Contents
  7. Preface
  8. Acknowledgements
  9. Chapter 1
  10. Chapter 2
  11. Chapter 3
  12. Chapter 4
  13. Chapter 5
  14. About the Author
  15. Index
  16. Backcover
Citation standards for The Business-Minded CISO

APA 6 Citation

Kissinger, B. (2020). The Business-Minded CISO ([edition unavailable]). Business Expert Press. Retrieved from https://www.perlego.com/book/1388914/the-businessminded-cisco-how-to-organize-evangelize-and-operate-an-enterprisewide-it-risk-management-program-pdf (Original work published 2020)

Chicago Citation

Kissinger, Bryan. (2020) 2020. The Business-Minded CISO. [Edition unavailable]. Business Expert Press. https://www.perlego.com/book/1388914/the-businessminded-cisco-how-to-organize-evangelize-and-operate-an-enterprisewide-it-risk-management-program-pdf.

Harvard Citation

Kissinger, B. (2020) The Business-Minded CISO. [edition unavailable]. Business Expert Press. Available at: https://www.perlego.com/book/1388914/the-businessminded-cisco-how-to-organize-evangelize-and-operate-an-enterprisewide-it-risk-management-program-pdf (Accessed: 14 October 2022).

MLA 7 Citation

Kissinger, Bryan. The Business-Minded CISO. [edition unavailable]. Business Expert Press, 2020. Web. 14 Oct. 2022.