Way beyond the justification of ad-hoc investments and pet projects for the CISO, metrics have to be at the heart of sound security practice, but they must focus on tracking progress over time in support of a long-term transformative vision.
Category: Information Security
The CISO role has never been more important. The firms that fail at appointing a new CISO are those which rush and push an inexperienced techie into a poorly defined role. Positioning the role accurately in relation to the firm’s objectives around security, thinking of it as a senior leadership role, and taking the time to find the right leader are the keys to long-term success.
Over the past several years, experts and policymakers have expressed increasing concerns about protecting ICT systems from cyber attacks — a deliberate attempt by unauthorized persons to access ICT systems, usually with the goal of theft, disruption, damage, or other unlawful actions....
Quite a lot will now come down to the regulator’s appetite. If they are inconsistent, too heavy-handed or too lenient, focus only on the GAFA, or pick the wrong battles with small firms, they will dilute the act, endanger their credibility and lose momentum.