There are not many positions in this world more sought after in the good times, but also more avoided in times of duress than that of the chief information security officer (CISO). It’s often been joked that CISO stands for Crisis Induced Sacrificial Offering and for good reason. In many of today’s organizations, the CISO is looked upon to help set the tone for how they ensure security, privacy and confidentiality of customer’s information…and their own. When lapses happen, it’s understandable when the board questions the person in charge of IT security.
The Mission of the Cloud-Centric CISO, takes readers deeper into the challenges and opportunities that the CISOs of today are facing in a cloud-enabled business. The reality is, the buck does not stop with the CISO as responsibility has now shifted to the entire executive team, and in fact….they can be an enabler to your own success if you know how to engage and partner with them effectively. This does require understanding their own priorities, their challenges and their goals. Finding out where you both have common interests in the name of security, privacy, risk prevention, regulations, compliance, configuration management, lift and shift, architecture and planning and more….is the first step to a long and mutually beneficial partnership with your CISO.
Based upon the key findings of the Oracle and KPMG Cloud Threat Report, we looked at the key challenges that CISOs in particular are experiencing around the world, and across all industries to identify trends and patterns.
One of the constants that we see for the CISO is the shift of the CISO to become more focused around that of business-enablement. Today's cyber-leaders must be known less for saying "no" and more for saying "yes, and let me show you a safe way how". They must be perceived as an agent of change.
They must plan for incident prevention, detection, response AND recovery. It is the post attack planning that sometimes gets the least bit of attention and as we have seen from the rash of ransomware attacks, recovery efforts are front and center.
We cannot avoid the fact that humans still comprise the single greatest risk to operational security both as the attacker, and as those who create the conditions of risk. We have to find ways to remove these points of risk.
The Mission of the Cloud-Centric CISO is designed to help every line-of-business member to know how to get the most out of their relationships with the CISO. How to partner to find joint success in risk mitigation planning, security initiatives and compliance efforts. To learn more, you can also read on these subjects in the Oracle and KPMG Cloud Threat Report for more additional information.