Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intro CISO Alliance - Internal use only 9/2/2019.

Published byあいね はかまや Modified over 5 years ago

Similar presentations

Presentation on theme: "Intro CISO Alliance - Internal use only 9/2/2019."— Presentation transcript:

1 Intro CISO Alliance - Internal use only 9/2/2019

2 Disclaimer Session prepared and presented in private capacity
My opinions don`t reflect on Truworths Shared cases and experience depict solely my international background No recording devices allowed Disclaimer CISO Alliance - Internal use only 9/2/2019

3 How to gain influence & Buy-in for Security investment from the Board?

4 Challenges for CISO`s Disconnected communication channels
Conflicting agendas Management “doesn`t seem to get it” Putting out fires vs. strategic proposition Challenges for CISO`s CISO Alliance - Internal use only 9/2/2019

5 Ugly Truth Only 22% of CISO`s report directly to the CEO1
80% of Business leaders: Cyber Security = technical/compliance routine2 74% of C-Suite executives agree CISO`s ≠ Board3 Ugly Truth CISO Alliance - Internal use only 9/2/2019

6 Usual remedy FUD (Fear, Uncertainty & Doubt)
Compliance (GDPR,POPIA,PCI DSS, King IV) ….all too often it takes a breach…. Usual remedy CISO Alliance - Internal use only 9/2/2019

7 Usual Perception FUD = You always bring bad news = Bad News
GDPR/POPIA = You`re the compliance guy = Policeman Breach = You weren`t able to protect us = Doubt Usual Perception Showing value rather than argument with fear when it comes to budget or policy decisions CISO Alliance - Internal use only 9/2/2019

8 Practical Resolutions
CISO Alliance - Internal use only 9/2/2019

9 1. Putting out fires vs. strategic proposition
Find your cause. Define your core principles. 3. Let your actions reflect your cause. Source: «Start with Why» S. Sinek, 2009 1. Putting out fires vs. strategic proposition CISO Alliance - Internal use only 9/2/2019

10 1. Putting out fires vs. strategic proposition
Treat your Department as your own company. Improve your business model Source: Strategyzer ( 1. Putting out fires vs. strategic proposition CISO Alliance - Internal use only 9/2/2019

11 1. Putting out fires vs. strategic proposition
Understand your customer Map your Value proposition Source: Strategyzer ( 1. Putting out fires vs. strategic proposition CISO Alliance - Internal use only 9/2/2019

12 2. Management “doesn`t seem to get it”
Talk risk not Cyber Security How well are you managing your risk posture? Technical debt – ongoing analysis of legacy systems Why certain risks where acceptable = business benefit What is the governance structure? How did you set up and manage security controls/tools How are your preparing for the future? How are your avoiding additional debts and deficits? How are you enabling business? 2. Management “doesn`t seem to get it” CISO Alliance - Internal use only 9/2/2019

13 2. Management “doesn`t seem to get it”
Make it «personal» Phish your C-Suite (theoretically) Social Media Do`s and Dont`s (privacy settings, etc.) Develop security guides for home environment parental control, ACL`s, MAC Address Filtering, etc. Offer guidance on cloud services (e.g. Evernote) Crash course in mobile security 2. Management “doesn`t seem to get it” CISO Alliance - Internal use only 9/2/2019

14 3. Disconnected communication channels
Ignite the conversation Create «CISO Lunch» Quarterly Security Updates Have your own Intra – Social – Media Channel Coffee – Breaks with Marketing/Data-Analysts 3. Disconnected communication channels CISO Alliance - Internal use only 9/2/2019

15 3. Disconnected communication channels
TRUST create long lasting positive business relationships Control Influence Information Elements of Trust5 3. Disconnected communication channels CISO Alliance - Internal use only 9/2/2019

16 4. Conflicting agendas «If you can`t beat them – join them.» Big Data
Cloud Security Future Workplace (aka Digital Transformation) AI/Machine Learning Key Projects 4. Conflicting agendas CISO Alliance - Internal use only 9/2/2019

17 Key Take Aways Know what you are standing for (Value Proposition)
Research your customers‘ jobs, pains & gains match it with VP Speak the language of your customer Be your own twitter Join the Team  Key Take Aways CISO Alliance - Internal use only 9/2/2019

18 Christine Fahlberg IT Security Manager
Thank You Christine Fahlberg IT Security Manager CISO Alliance - Internal use only 9/2/2019

19 What are the most common main objections you’re facing when trying to obtain buy-in?
CISO Alliance - Internal use only 9/2/2019

20 Jody R. Westby (2015), Governance of cybersecurity: 2015 report, Georgia Tech Information Security Center Deloitte CISO Labs data, 2015 ThreatTrack Security Inc., No respect: Chief information security officers misunderstood and underappreciated by their C-level peers, June–July 2014 World Economic Forum in collaboration with Deloitte, Partnering for cyber resilience: Towards the quantification of cyber threats, January 2015 ZAND, D. (1997). The Leadership Triad. Oxford University Press Annex CISO Alliance - Internal use only 9/2/2019

Download ppt "Intro CISO Alliance - Internal use only 9/2/2019."

Similar presentations

Informal Peer-to-Peer Feedback Guide

Informal Peer-to-Peer Feedback Guide
A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.

A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information Security) Certified COBIT 5 Assessor /Certified.
1 Prepare Yourself for the ICT Industry – A Career in ICT in Hong Kong Police Force 18-02-2009 Hong Kong Police Force.

1 Prepare Yourself for the ICT Industry – A Career in ICT in Hong Kong Police Force Hong Kong Police Force.
Management and Leadership

Management and Leadership
CIO Academy Journey to Influential IT Leadership Journey to CIO Academy Strategic Competencies for 21st Century CIO Success Influential IT Leadership:

CIO Academy Journey to Influential IT Leadership Journey to CIO Academy Strategic Competencies for 21st Century CIO Success Influential IT Leadership:
Copyright 2009. Scott Wright. All rights reserved. 1 SC Selling the Streetwise Security Awareness Program.

Copyright Scott Wright. All rights reserved. 1 SC Selling the Streetwise Security Awareness Program.
New A.M. Best Cyber Questionnaire

New A.M. Best Cyber Questionnaire
Legal Jeopardy: Whose Risk Is It?. SPEAKERS Jason Straight Chief Privacy Officer and Senior Vice President Cyber Risk Solutions at UnitedLex Patrick Manzo.

Legal Jeopardy: Whose Risk Is It?. SPEAKERS Jason Straight Chief Privacy Officer and Senior Vice President Cyber Risk Solutions at UnitedLex Patrick Manzo.
Creating a Vision for Fire Fighters to Embrace Leadership and Best Practices.

Creating a Vision for Fire Fighters to Embrace Leadership and Best Practices.
Welcome and Introduction January 11, 2017

Welcome and Introduction January 11, 2017
Board Roles & Responsibilities

Board Roles & Responsibilities
ACADEMY CONVERSION AND MEMBERSHIP OF THE CHILTERN LEARNING TRUST

ACADEMY CONVERSION AND MEMBERSHIP OF THE CHILTERN LEARNING TRUST
National Employee Mental Wellbeing Survey Results 2016

National Employee Mental Wellbeing Survey Results 2016
Enterprise Mobility Suite Technical and Business Briefing

Enterprise Mobility Suite Technical and Business Briefing
February 2017 Demystifying Georgia Tech

February 2017 Demystifying Georgia Tech
National Cyber Security Alliance and Raytheon Survey Findings 2015

National Cyber Security Alliance and Raytheon Survey Findings 2015
Yes, You can be nice and respected

Yes, You can be nice and respected
Chapter 9: Project Communications Management

Chapter 9: Project Communications Management
Visionary Leadership Think! Execute! Dominate!

Visionary Leadership Think! Execute! Dominate!
Partnership Delivery Team

Partnership Delivery Team

Similar presentations

Ads by Google