CISO Tips: Speaking the language of business


The six phrases CISOs can use to connect with business executives

2017 Cybereason. All rights reserved.

A cost center that doesn't align with the rest of the organization. Run by people who don't understand the business objectives. The part of the organization that fails to deliver a return on investment. The department of no.

If you're a CISO or an information security leader, these are some of the phrases you may have heard used to describe your department (or possibly you). Whether or not these depictions are accurate is debatable. What is not open to discussion is that the role of information security executives has evolved. CISOs may now find themselves explaining to investors how an attack affected quarterly earnings, in addition to more traditional duties like running a SOC.

Fortunately, CISOs aren't the only leaders with a technology background who have had to demonstrate business acumen to their peers. CIOs made the same transition. When CIOs began to appear in organizations about 15 years ago, they too had to align with business objectives. CISOs now find themselves in the same position: in the boardroom with peers who don't understand how security affects them.

To connect with business-minded colleagues, CISOs need to learn and speak the language of business, which centers on these six concepts:

1. Risk
2. Revenue
3. Employee efficiency
4. Strategic value
5. Cost
6. Customer satisfaction

Risk

Addressing risk is critical for CISOs when talking to other C-level executives and the board. Risk mitigation is the link between a company's security function and its business units: CEOs, COOs and CFOs want to reduce risk, and CISOs are the ones who can do it. CISOs should avoid dwelling on deeply technical details. The CEO and the board don't need to know about server configurations or the nuances of the organization's patch management strategy. They do need to know whether the company has enough capacity to stay online through a DDoS attack and whether it has patched the Windows SMB vulnerability (MS17-010) that the EternalBlue exploit targets.

Revenue

Simply put, this is how information security can help an organization make money. While the concept may seem obvious, InfoSec departments are often perceived as the department of no. Worse, security personnel, and the CISO in particular, are seen as the people responsible for stifling innovation. Innovation gives a company an edge over its competitors; hurt innovation and you risk hurting revenue. To avoid being seen as the department of no, CISOs need to talk to their colleagues about what those colleagues are working on. The sooner CISOs learn about upcoming projects, the sooner they can suggest ways to build security in from the start. Not only does this make a product more secure, it also lets security work proceed in step with development instead of arriving as a late-stage rework.

Employee efficiency

Security is often seen as impeding employee efficiency. Countless employees can share anecdotes of a security application slowing down or crashing their machine. And the belief that security departments stifle innovation also ties into employee efficiency. The situation sometimes plays out like this: developers spend months adding features to a product. Eventually, the security department reviews the work and determines that some of the features could jeopardize customers' security and need to be dropped. The developers, who feel they have wasted their time, now spend even more time reworking the features to meet the information security requirements.

Strategic value

Information security has to show the value it brings to the organization. Security programs can't be run just for the sake of security. They have to be conducted in the context of the organization's overall business objectives and help the company meet those goals. The security department can't be the thing that blocks innovation.

Cost

When buying a security tool, hiring for the security team or making any other security-related expenditure, show that spending the money is less of a financial risk than leaving the vulnerability unaddressed. This is especially true when discussing budgets with CFOs, who relate everything to finance, money and return on investment. For an even more detailed view of how the business works, security executives should befriend the CFO and ask to look at the profit and loss statement.

Customer satisfaction

Product development is the link between information security and happy customers. Product teams are responsible for creating the services and products customers use, while security teams ensure that those products and services are as secure as possible. The challenge for security teams is to keep the product secure without impeding its performance or degrading the user experience. Achieving this requires security to be involved in a product's design from the start. When information security partners with product, incorporating security is much easier than trying to tack it on once the item is already being sold, and the result is customers who are both protected and satisfied.

Business leaders care about how security fits into and improves each of these areas. Avoid technical topics that only people with computer science backgrounds would follow. The average executive isn't going to understand cross-site scripting or machine learning algorithms. But they do want to sell a product that protects customer data, reduce the risks the organization faces and increase yearly revenue.

Don't abandon your technical roots

Becoming business savvy doesn't mean technical knowledge, or relationships with the people who carry out IT security, matter less. CISOs must operate in both realms. Security executives need credibility with the analysts who attend Black Hat. But they also need to earn a seat in the boardroom by demonstrating that they are the people who can translate IT infrastructure risk into business risk.

There is hope for the CISO

Technology is now seen as critical to an organization's competitive advantage, and CIOs are expected to be included in executive discussions about corporate strategy. The same future awaits CISOs if they frame information security discussions around how their plans benefit the organization and speak the language of business.

About Cybereason

Cybereason is the leading provider of behavioral-based enterprise attack protection, including endpoint detection and response (EDR), next-generation antivirus (NGAV), and active monitoring services. The Cybereason solution reduces security risk, provides complete visibility, and increases analyst efficiency and effectiveness. Cybereason partners with enterprises to gain the upper hand over adversaries. Cybereason is privately held and headquartered in Boston, with offices in London, Tel Aviv, and Tokyo.