Although a Chief Information Security Officer, or CISO, is a vital component of any organisation, most companies are still unfamiliar with the role. Therefore, we decided to break it down by following Alex, a newly appointed CISO, on her journey.
Simply put, Business Enablement concerns the measures and procedures that are put in place to increase employee productivity and allow the business to grow. In other words, Business Enablement makes organisations more agile, allowing them to progress.
A Chief Information Security Officer plays an important role as a business enabler within an organisation. Traditionally, their responsibilities may have stopped at the door of the IT department, however, now, as more and more departments begin utilizing digital technology, the role of a CISO is relevant to almost every aspect of an organisation.
Tasked with protecting the business as a whole, a CISO must also consider ways to enable it. For simplicity, we will break a CISO’s Business Enablement responsibilities down into 5 separate components:
1. Product Security
2. Cloud Computing
3. Mobile Technology
4. Emerging Technologies
5. Mergers and Acquisitions
CISOs, like Alex, must consider all of these components and the ways that cybersecurity interacts with them.
Product Security concerns the way that companies build security into their solutions. This can be a challenge for businesses, many of which do not consider security a top priority when designing a new product or solution. Products Security includes:
1. Secure DevOps
2. Secure Development Lifecycle
3. Bug Bounties
4. Web, Mobile, Cloud AppSec
Cloud Computing has become increasingly popular over the past number of years. It allows companies to access IT resources on-demand via the internet. For many companies, moving to the cloud is immensely beneficial, it enables them to access technology services on an as-needed basis. Cloud Computing consists of:
1. Cloud Security Architecture
2. Cloud Guidelines
Mobile technology is becoming increasingly popular and as more and more employees begin to utilise it, the added cybersecurity risks it presents must also be considered. Companies must have mobile policies in place to mitigate threats and must also consider how new phenomena, like working from home, can impact an organisation’s overall security posture. Mobile Security includes:
1. Bring Your Own Device (BYOD)
2. Mobile Policy
Emerging Technologies should always be on a CISO’s radar, as the world continues to move and technology develops, new advancements to aid businesses begin to emerge. However, alongside new advancements come new risks that CISOs must be aware of and mitigate against. Emerging Technologies include:
1. Internet of Things (IoT)
2. Augmented Reality (AR)
3. Virtual Reality (VR)
5. Mergers and Acquisitions
Although Mergers and Acquisitions are most commonly associated with the legal field, a CISO also plays a key role in carrying out these deals. Cybersecurity is key to ensuring that Mergers and Acquisitions run smoothly: Poor cybersecurity posture can put a deal in jeopardy and, according to Gartner research, by 2022, 60% of organisations engaging in Mergers and Acquisitions will consider cybersecurity exposure a major factor.
The responsibilities of today’s CISOs, like Alex, span far beyond the IT department. It is vital that Alex acknowledges her role as a business enabler and proactively looks for ways to facilitate her organisation’s growth.
Cybersecurity interacts with almost every component of the business and it is for this reason, among others, that Alex and other CISOs must have a seat at the top table. Moreover, for her work to be most effective, it is vital that employees, outside the IT department, as well as senior management, acknowledge the Business Enablement component of Alex’s role.
In fact, something that helped Alex secure the position of CISO was her ability to problem solve and desire to protect her entire organisation. For most organisations, the IT department is no longer a lone ship adrift at sea, it is now a safe harbour.