Cyber Mayday and the Day After - Daniel Lohrmann
The World Will Never Be Immune to Cyberattacks
Organizations and businesses need to ensure that their cybersecurity strategies are centered on people, process, and technology. Traditionally, the focus has been on IT, and even CISO appointments have been given to the IT staff, reporting to the CIO. Aside from this reporting line, which would result in a conflict of interest, it is key for CISOs to carry a large responsibility in the organization and to be given the authority to raise the alarm if something is not right, even if this relates to the actions of their executives or their decisions.
In appointing CISOs, CEOs and boards should ensure that the individual is equipped with qualities such as strong technical expertise in cybersecurity, business acumen, crisis management skills, and a soft skill that has often been neglected: a flair for public speaking, especially to senior executives and stakeholders.
No business wants to be a sitting duck, which is why it is critical for the CISO leadership to be appropriately identified and strategically placed in the organization. The CISO and team play a huge role in steering and executing the cybersecurity program, ensuring that appointed parties are responsible and accountable. The cybersecurity function (ideally led by a CISO) has to be deliberated at the C-suite and reported at the board level.