Three things a new CISO should do

Image by Ryasick via GettyImages.ca

Congratulations: You’re the new chief information security officer for an organization.

In this time of increasingly successful cyber attacks, on your shoulders lie the responsibility for establishing and maintaining the vision, strategy, and program to ensure information assets and technologies are adequately protected.

After walking into your new office, now what?

In a column this week for SC Magazine Peter Duthie, co-CEO at GroundLabs tries to answer that question by suggesting a new CISO take three initiatives:

  • Have hard conversations: In the first few weeks on the job, make it a priority to schedule meetings with department leaders about their security and privacy-related challenges. This will also an opportunity to remind them how to treat data;
  • Understand where all the corporate data is: How many employees keep classified documents in a personal file hosting service or on their desktops? How many share sensitive materials with others through cloud storage like Google Drive? “Only with this information can CISOs prioritize data management,” writes Duthie, “while identifying top areas for concern;”
  • Audit the security tools: Among the questions to be asked are which solutions are working well/are ineffective, and are there multiple technologies doing the same thing?

Related:

CISOs don’t get the respect they need

CISOs have a lot on their hands, including dealing with the board. In an interview at the annual RSA Conference two years ago, a CEO told me an essential skill for infosec leaders is learning how to talk to directors. But the first weeks in a new job are also vital for the CISO to learn about the strengths and weaknesses of their new post.

As Duthie writes, it’s important for a CISO to have a strong understanding of his new environment when setting out to succeed in a new post.

Would you recommend this article?

0
0

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News