Cyber Defense Magazine - Annual RSA Conference 2019 - Print Edition
Inspiring Greater Accountability with Improved Security KPIs<br />
By Lewie Dunsworth, EVP Technical Operations, Herjavec Group<br />
Getting a good night's sleep has become increasingly difficult for CISOs. In a recent Cybersecurity CEO piece, Herjavec Group Founder & CEO Robert Herjavec described how CISOs toss and turn, kept awake by thoughts of:<br />
• Accountability to leadership – being held accountable for delivering on expectations as the board approves investments to improve security<br />
• Capability of team – questioning: do I have the right skills and the right people to do the right things?<br />
• Compliance & privacy regulation – how do GDPR and other industry or regional regulations impact my security program?<br />
The good news is that the CEO and board are more engaged in cybersecurity conversations than ever before. C-level members are no longer passing off responsibility. CISOs aren't educating in the board room the way they used to – and trust me, I've been in their shoes. The board is asking the right questions and holding their teams accountable. I would confidently say the C-suite is maturing when it comes to security knowledge.<br />
Keep in mind, each player around that table may have slightly different priorities:<br />
- CEO – Concerned with the reputation of the company in the event of a breach. How could credibility, customer retention and overall stock price or business value be impacted?<br />
- CFO – How will we fund ongoing security initiatives? Are we maximizing the value of our investments today? What risk remains, and what risk are we sharing with third parties, including contractors, suppliers and customers?<br />
- COO – Will any business operation be impacted by the security program or a new technology rollout? Is the roadmap on schedule? What is our incident response plan to restore business operations in the event of a breach?<br />
At the end of the day, the C-suite shares mutual concerns about security risk and liability in the event of a breach. How you communicate this and keep them informed is pivotal.<br />
As security becomes a more digestible topic of conversation at the quarterly board meeting, it is imperative that CISOs have the proper metrics to measure their progress and the inherent risks that remain. Herjavec Group recommends aligning early with your executive leadership team on a Security Roadmap, then developing key performance indicators (KPIs) that you can report against, so that status updates and progress measurements stay concise, clear and digestible.<br />
Cyber Defense Magazine - Annual Print Edition 2019, page 9