Clueless Board or Inarticulate CISO
Transcript of Clueless Board or Inarticulate CISO
Disclaimer: Views and opinions presented in this talk are entirely my personal opinions only and in no way represent the views, positions or opinions – expressed or implied – of my previous or current employer or anyone else.
Clueless Board Or Inarticulate CISO?
Author: Jitender Arora
Date: 10th June 2013
Twitter: @jee2uu
2 @jee2uu: Is The Board Apathetic?
3 @jee2uu: Boards Are Not Clueless, They Are Badly Informed
@Forbes: Boards Are Still Clueless About Cybersecurity
4 @jee2uu: Different angles make us look at things differently
5 @jee2uu: Tough climates call for drastic measures
6 @jee2uu: Why would the board pay if they don’t believe in ROI?
7 @jee2uu: Who is to blame if the board doesn’t get it? What is it that I want? Who is responsible for fulfilling my objectives?
8 @jee2uu: I need to help myself. Nobody else will do it for me
9 @jee2uu: Motivation drives innovation and excellence
10 @jee2uu: We crave recognition and support, i.e. funding
= + Business
Outcomes
11 @jee2uu: Spend far too much time communicating scare stories
F(ear) U(ncertainty) D(oubt)
12 @jee2uu: CISOs are seen like airport security staff
13 @jee2uu: Security is about what you make possible
14 @jee2uu: The CISO must gain the confidence and trust of the board
15 @jee2uu: Metrics go a long way while dealing with Board Members and C-Execs because they get it. But they have to be meaningful
16 @jee2uu: Communication frequency is all about relevance
17 @jee2uu: Getting attention once is easy. Staying on top of the mind is difficult. CISOs need to be persistent
18 @jee2uu: Fear of failure kills innovation. Be ready to take risks
19 @jee2uu: An opportunity to describe returns delivered to the customer
Annual Information Security Report
20
• Executive Summary
• Information Security Team
• Key Highlights 201X
• Information Security Risks & Exposures
• Key Priorities 201Y i.e. Next Year
• Influencing Factors / Challenges
• Information Security Strategy
• Closing Statement
21
• Business Outcome
    • Recognition for self and the team
    • Funding to drive growth
• Building Trust and Credibility Is The Key
    • Meaningful metrics can go a long way
    • Delivering results with effective communication. Perception Management is equally important
• Annual Information Security Report
    • Think differently
    • Out of sight, Out of mind
    • Relevant and Meaningful
Finally...
@jee2uu: Motivation drives innovation and excellence
Thank You
My Blog: http://jitenderarora.co.uk
Twitter: @jee2uu
LinkedIn: http://uk.linkedin.com/in/jarora