Playing the Game of Thrones: Ensuring the CISO’s place at the Kings Table
Why is is the CISO constantly frsutrated with being required to report to areas of the business that either don’t understand it or conflict with so many of the core deliverables of the role? Too often it is beholden to the agenda of the technology focussed CIO or blinkered by the financial constraints of the CFO. How has the role even got to this place?
Starting with a brief historical look at where the CISO role was borne from in the first place, progression to this current state of affairs is shown to be inevitable. What is needed is a plan to disrupt this status quo and ensure a CISO is in a position to not only understand the power of the business intelligence that is produced in a well managed environment, but how to ensure it reaches the board in a way that is understood.
Through the use of a universally understood information security model, the CIA triangle, the presentation explores three key areas to assure the success of the CISO in being asked to report to the board rather than being summoned to it.
Initially the actual source of the information, its gathering, the methods employed and the common pitfalls often seen are explored and clarified. What are the common mistakes, how are they rectified and how can you recognise when the data gathering programme is going awry?
Secondly, how is it being pulled together, and what is it saying? How to understand the audience it is being presented to and what can be done to improve its chances of being understood.
Finally, how does the CISO make the final push for the board? What are the key principles that need to be understood about supporting a successful business, what home truths about the information security industry are rarely mentioned and how can the CISO differentiate themselves from those that came before?
This presentation seeks to broaden a CISO’s skills beyond the technical and the post nominal focussed industry accepted norms and into those that actually help a business do what it does best.
RSA Europe, Amsterdam October 2013