How would you describe the CISO role on Twitter?

At a recent industry event discussing security, a question was rasised as to who needs to take ownership of security issues, the comment was made that it needs to be "someone senior enough to care, but junior enough to know what they are talking about"

This summarises a major issue in the cyber security industry. Security is a deeply complex issue, balancing threat, risk, business objectives, technology, process and people.

Senior business people tend to know about business objectives, and how to offset / manage business risks. When it comes to security risk, they are not experts, so need to rely on and trust information provided by the security experts. Sadly when these two people meet they talk a completely different language, creating confusion rather than understanding of the issues. The outcome often leads to the senior person overlooking the risk or dealing with it in an inappropriate or non-optimal way.

(Read more: Announcing CISO Handbook: Call to Authors )

The good news is the industry is starting to see a set of CISOs that first and foremost understand the business. I cite two examples:

  • CISO from a drinks company:
    "My job is to make sure the brewery is able to produce beer; if that process stops we lose money"
  • CISO from a train company:
    "My job is to make sure the trains continue to run on time and do not bump into each other"

In both cases they then define their role as assessing the security risks to that business process (SCADA attacks for example), then put risk mitigation strategies in place to make sure the business process does not fail.

How do you summarise your CISO role.  Can you do it in 140 ‘twitter’ characters?

(Re-edit of an article originally on http://colinrobbins.me)

 

More:  Want to share your insights? Click here to write an article at CISO Platform

 

Views: 245

Join the Discussion ...

You need to be a member of CISO Platform to join the discussion!

Join CISO Platform

Comment by G Venkataraman on June 2, 2013 at 5:59pm
Yes the role of a CISO is yet to establish in many ways . How IT is interwoven with business today,similarly IS has to get interwoven with business goals, then you have the real role to play.
Comment by bikash on May 31, 2013 at 3:00pm

I like this:  "someone senior enough to care, but junior enough to know what they are talking about". Your idea of twitter length description is also a great one.

© 2020   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service