chief - All Articles - CISO Platform (2024-03-28T11:43:16Z) https://www.cisoplatform.com/profiles/blogs/feed/tag/chief

Why and how the job description of CISO is changing
https://www.cisoplatform.com/profiles/blogs/why-and-how-the-job-description-of-ciso-is-changing
2013-12-20T15:00:00.000Z
Anubhav Bathla https://www.cisoplatform.com/members/AnubhavBathla6
<div>
<p>These are some common topics that come up when we talk about the CISO's role in an organization.</p>
<p>In my view, the CISO position is making a comeback, but if it is not placed right, it can be just another position in the organization. I believe the CISO should report directly to either the CEO or the CRO (the highest risk officer) rather than to any other level.</p>
<p>This is debatable and has been a hot topic of discussion, but there is an interesting trend in the segment of chief information security officers (CISOs): more and more companies are creating this role within their organization or increasing the power associated with the position.</p>
<p>The goal is to equip CISOs with the ability to enforce change, with responsibilities that range from incident response to IT compliance to customer data privacy.</p>
<p>In today's world, privacy and compliance demands rest on their shoulders, but the big question is whether we really understand information security's value, given the lack of quantifiable risk metrics.</p>
<p>The demand for effective risk management is increasing, and together with other factors this can put the CISO role on the endangered species list. If you want to survive and thrive in this new environment, you will have to grasp what the successful CISO brings to the table.</p>
<p>(Read more: <b><span style="color:#3366ff;"><a href="http://www.cisoplatform.com/profiles/blogs/top-technologies-solutions-available-for-byod-security"><span style="color:#3366ff;">Under the hood of Top 4 BYOD Security Technologies: Pros & Cons</span></a></span>)</b></p>
<p>Here are some tips:</p>
<p><strong>Shed the conventional you</strong></p>
<p>In the past, the CISO's career has been mired in IT, systems and network security. We identify exposure and deploy solutions. That is how we provide value: we build the walls and guard the organization.</p>
<p>All of a sudden, this has become a commodity like everything else. All the things we did have migrated to IT.</p>
<p>Until now, we have highlighted a need and received resources from management in response. But that is no longer good enough. There is no point in shouting "Risk, risk, risk" when management is "taking" the budget.</p>
<p>Our role now goes well beyond mitigating risk: it is to enhance shareholder value by protecting the company's market share, revenue and brand.</p>
<p>To win management support for IT security, we have to demonstrate how we prioritize, present and price risk. For each new project (relocation overseas, online payments, wireless infrastructure) we need to identify, analyze and evaluate the risks, measure the cost of securing the service with real numbers, and present viable options.</p>
<p>This information will help the management team decide how to allocate resources and will prove your value to the company.</p>
<p><b>Talk to the CFO</b><br /> Now that you know your value, think about how a CFO defines value. The CFO thinks about revenue and ROI; the CFO thinks about liquidity. As the CISO, you need to adopt this way of thinking and look at the relationship between risk exposures and the value of company assets, revenue and liquidity.</p>
<p>(Read more: <b><span style="color:#3366ff;"><a href="http://www.cisoplatform.com/profiles/blogs/how-should-a-ciso-define-the-requirement-for-solutions-for-byod-s"><span style="color:#3366ff;">BYOD Security: From Defining the Requirements to Choosing a Vendor</span></a></span>)</b></p>
<p><b>Focus on what is necessary to your company</b><br /> Talk to management and listen to what your CEO is saying. If you repeatedly hear about the importance of protecting the market share of the company's product, quickly find out whether the responsible managers are more interested in reducing the cost of managing risk or in mitigating exposure.</p>
<p><b>Envision the big picture</b><br /> As CISO, you are in a unique position to see and deal with the big picture, and to see where the greatest risks lie.</p>
<p>Take an example where management says online sales are the most important activity. To you, securing that activity should then become far more important than securing the organization's less critical lines of business.</p>
<p>If 90 percent of your online customers are located in one geography, the risk is magnified. If all your divisions rely on a shared or managed IT service that is highly concentrated, your entire business hinges on its security.</p>
<p>You can provide a high-level perspective on the organization's interdependencies and areas of concentration that other departments lack, because they do not have access to all the information or cannot see the big picture. They will value your opinion.</p>
<p><strong>Talk to the chief risk officer (CRO)</strong></p>
<p>Look at your company's risk professionals: the CRO, the head of compliance, corporate legal counsel and so on.</p>
<p>The power lies with the chief risk officer (CRO). The CRO has authority and a structured way to manage risk. You must meet the CRO and apply proper, industry-accepted methodologies.</p>
<p>For instance, if the CRO says, "My priority is increasing premiums and reducing insurance coverage," this means that the company is not paying the increased premium (which translates into greater exposure) and that the company must be more aggressive in its loss control and loss prevention programs. So when the CRO says to you, "You are dealing with IT security problems and you want millions of dollars to solve them. What is your rationale?", you can make your case on what it will take to control and reduce those costs, using the data you have collected on operational loss.</p>
<p>(Watch more: <b><span style="color:#3366ff;"><a href="http://www.cisoplatform.com/video/top-myths-of-ipv-6-security"><span style="color:#3366ff;">Top Myths of IPV-6 Security</span></a></span>)</b></p>
<p><b>Focus your organization</b><br /> If you are going to deliver the data, analysis and modeling that your new role requires, you are not the only one who has to change. Your organization may need to realign departments, and that might require some radical thinking.</p>
<p>Information security roles and responsibilities that have become mainstream, such as operations, policy creation and enforcement, should be considered for migration and delegation.</p>
<p>You may have to re-examine your organization's skills to support more analytical thinking and promote greater awareness of operational risk management. Gauge the level of expertise and the modeling capability the organization has, so you can budget for the technically savvy people you will need.</p>
<p>Shifting and adding resources is never quick. Plan on phasing in new resources over several years, in line with the demands of the change, to spread the cost.</p>
<p><b>Drive change</b><br /> What if your organization does not have a mature risk management culture? The overwhelmed two-person legal staff moves from problem to problem in crisis mode. The risk management group is a single manager who is clueless about the broader concept of risk management.</p>
<p>If you are going to make a difference as a CISO in this environment, you have a day job and a night job.</p>
<p>The night job is strategic: getting this community of disjointed disciplines, roles and expertise to work together in small ways.</p>
<p>The day job is to prioritize what is most important to the business and apply the appropriate security. Choose what generates the most revenue, or what the company has on its radar for the next five years. You need to secure that piece of the corporate world, working through the risk management model and working closely with the appropriate stakeholders.</p>
<p>(More: <b><span style="color:#3366ff;"><a href="http://www.cisoplatform.com/main/authorization/signUp"><span style="color:#3366ff;">Join the community of 1400+ Chief Information Security Officers.</span></a></span><span style="color:#3366ff;"> <a href="http://www.cisoplatform.com/main/authorization/signUp"><span style="color:#3366ff;">Click here</span></a></span>)</b></p>
<p>Be nimble. Step into this new role while keeping a foot in the old. Delegate the technical responsibilities (infrastructure support, network support) while still providing guidance and oversight. Develop a strategy for an overall architecture. You may not be able to execute yet, but know where you want to go.</p>
</div>

BadUSB — On accessories that turn evil by Karsten Nohl
https://www.cisoplatform.com/profiles/blogs/badusb-on-accessories-that-turn-evil-by-karsten-nohl
2015-01-31T12:00:00.000Z
pritha https://www.cisoplatform.com/members/pritha
<div><p><span class="font-size-4"><strong>Watch Talk:</strong></span></p>
<p><iframe width="854" height="510" src="https://www.youtube.com/embed/qqeHED1b6DY?wmode=opaque" frameborder="0"></iframe>
</p>
<p><span>(Read more: </span><b><a href="http://www.cisoplatform.com/profiles/blogs/5-best-practices-to-secure-your-big-data-implementation">5 Best Practices to secure your Big Data Implementation</a>)</b></p>
<p><span class="font-size-4"><strong>BadUSB — On accessories that turn evil by Karsten Nohl</strong></span></p>
<p>Karsten Nohl is a cryptographer and security researcher.</p>
<p>This talk introduces a new form of malware that operates from controller chips inside USB devices. Peripherals can be reprogrammed in order to take control of a computer, exfiltrate data, or spy on the user. We demonstrate a full system compromise from USB and a self-replicating USB virus not detectable with current defenses.</p>
<p><span class="font-size-4"><strong>View PPT:</strong></span></p>
<p><iframe width="476" height="400" src="//www.slideshare.net/slideshow/embed_code/44085056" frameborder="0"></iframe>
</p>
<p><span>(Read more: </span><b><a href="http://www.cisoplatform.com/profiles/blogs/7-key-lessons-from-the-linkedin-breach">7 Key Lessons from the LinkedIn Breach</a>)</b></p></div>

Top 100 CISO Awards, 2018
https://www.cisoplatform.com/profiles/blogs/nominations-open-top-100-ciso-awards-2017
2016-12-21T06:30:00.000Z
Ravi Mishra (CISO Platform) https://www.cisoplatform.com/members/RaviMishraCISOPlatform
<div>
<p><span class="font-size-5"><strong>CISO Platform 100, 2018 (India):</strong></span></p>
<p><span style="color:#ff0000;">Applications for the Top 100 CISO Awards are open for 2018. Kindly fill in your responses as soon as possible.</span></p>
<p>We are very happy to announce that nominations are now open for the 7<sup>th</sup> Edition of the Top 100 CISO Awards, India's first security recognition for CISOs.</p>
<p>CISO Platform 100 has now grown into a global recognition, with the names of inspiring influencers like <b>Kevin Mitnick, Stefan Esser, Eugene Kaspersky, Bruce Schneier</b> and more.</p>
<p>The first partial 2017 global list is available <a href="http://www.cisoplatform.com/profiles/blogs/ciso-platform-top-it-security-influencers" target="_blank">here</a>.</p>
<p><span class="font-size-5"><a href="https://event.cisoplatform.com/cisoplatform100-india-nomination-2018/" target="_blank">>> Click here to nominate</a></span></p>
<p><span class="font-size-6"><b>Nomination Categories</b></span></p>
<ul><li><b>CISO Platform 100</b> - Individual recognition for India's Top 100 IT Security Influencers</li><li><b>Enterprise Security Awards (ONLY 1 winner per category):</b> Awarded to organizations for exemplary adoption of security in the following categories<ul><li>Online / Ecommerce Vertical</li><li>Payments / Fin Tech Vertical</li><li>Banking Vertical</li><li>Telco Vertical</li><li>Financial Services Vertical</li><li>Insurance Vertical</li><li>IT / ITeS Vertical</li><li>Manufacturing Vertical</li><li>Government Vertical</li><li>Startups</li><li>Healthcare & Pharmaceuticals Vertical</li><li>Response Capability</li><li>Predictive Capability</li><li>Security Awareness</li><li>Privacy Program</li><li>Data Security</li><li>Network Security</li><li>Cloud Security</li><li>Security Operations Centre (SOC)</li><li>Application Security</li><li>Mobile Security</li><li>Critical Infrastructure Protection</li><li>Identity & Access Management Program</li><li>GRC Program</li><li>IoT Security</li></ul></li></ul>
<p><span class="font-size-6"><b>How to nominate?</b></span></p>
<ul><li>Nomination Link: <a href="https://event.cisoplatform.com/cisoplatform100-india-nomination-2018/" target="_blank">Click Here</a></li><li><b>Deadline: Extended on request; kindly fill in your response as soon as possible</b></li></ul>
<p><span class="font-size-6"><b>Vision/Spirit of Recognition</b></span></p>
<ul><li><b>Community Sharing:</b> Our vision is to create tangible community goods by sharing our knowledge with the broader ecosystem</li><li>The goal of the offsite is to structure our key learnings in the form of structured playbooks and share them with the rest of the community</li><li><b>Example:</b> If three CISOs upgraded their SOC last year, they will put together their key learnings in the structured format of Community Playbooks together with our analyst team. Then, on Day 2, they will share their playbook in a round table with 10 others who want to upgrade their SOC this year</li></ul>
</div>