Cybersecurity experts have become targets for board seats


 

visit now: https://cybersecurity-conferences.researchw.com/


The need for strong cybersecurity programs is a vital part of doing business today, and a good reflection of that is adding security executives to boards.

“The trend is for [chief information security officers] to be elevated to the board of directors,” said Chris Steffen, research director at analyst and consulting firm Enterprise Management Associates (EMA). “It is no longer acceptable for the security role to be subordinate to other technology priorities that the company might have.”

As risk and regulatory compliance become more visible in an organization, many of the initiatives and controls will be security related, Steffen said. “Addressing those controls usually falls to the CISO,” he said.

With security incidents “a part of nearly every evening news cycle, the board of directors needs to demonstrate that they are taking those considerations seriously and addressing them,” Steffen said. “For many organizations, one of the easiest and most effective ways of doing this is to elevate the CISO to a position of responsibility and authority on the board.”

Businesses are becoming more aware of cyber risk as a component of business risk “and need CISOs to be part of board-level governance conversations,” said Nick Kakolowski, research director at IANS Research.

“CISOs have an opportunity to function as cyber experts, but it will be critical that they broaden their experience as boards will likely seek individuals with a breadth of experience for cyber expert roles, not necessarily security specialists,” Kakolowski said.

A recently released report on CISO board readiness conducted by IANS Research in collaboration with Artico Search and The CAP Group, found that less than half of the CISOs stand out as board candidates.

The research also showed that 90% of public companies lack even one qualified cyber expert, showing a significant cyber board supply-demand gap. Only 15% of CISOs have broader traits required for board level positions, such as a holistic understanding of the business, a global perspective and ability to navigate a range of stakeholders, with another 33% having a subset of those necessary traits.

Soft skills and cybersecurity skills are needed

So, what skills do CISOs need — aside from cybersecurity expertise — to be considered credible board members?

Based on the sample of the CISOs queried for the IANs research who are already serving in board roles, the researchers recommend three areas for CISOs to focus on if they want to serve as cyber experts on boards.

“First, build soft skills,” Kakolowski said. “Boards are close-knit working teams of highly talented and successful people, where the conversations are often nuanced and require a high emotional intelligence to navigate.”

Second, CISOs should look to diversify their business experience to broaden their knowledge of varied operational models and corporate strategies, Kakolowski said. Finally, branding is critical. “Being able to form and tell a compelling career story that demonstrates unique executive expertise creates an ‘it’ factor that can help an individual stand out from other high-performing security experts,” he says.

Having good communication skills is vital, Steffen said. “Being able to explain complex security-related topics to lay people is difficult, but it’s a critical skill” for serving on a board, he said. “The other members of the board likely will not be technical, and the CISO will need to be able to explain security related topics so they can understand the importance.”

A key component of communication is knowing your audience, said Larry Whiteside, CISO at RegScale, a provider of governance, risk and compliance tools, and a board member of several organizations including the Cloud Security Alliance, Ember River and the University of South Florida.

“For a CISO, the ability to communicate directly with people not like themselves in a way that’s clear and concise means the world,” Whiteside said. “Many CISOs have grown up as technologists and are accustomed to speaking very technically. And that’s not a bad thing for the right audience, which is usually the cybersecurity or IT team. However, in a boardroom, speaking in a language and utilizing terms that the board will understand is crucial to getting their point across in a meaningful way.”

Possessing good business acumen is also important for a CISO to be effective in the boardroom, Whiteside said. That includes having knowledge and understanding not only of the business, but of how it operates to generate revenue. “The reason for this is that all companies are unique in one way or another,” he said. “There may be a large set of similarities, but that uniqueness is often the one thing that is a key differentiator to a company’s success.”

CISOs also need to understand risk to speak to a board. “Their understanding of risk must expand outside of just technology,” Whiteside said. “There are so many issues surrounding compliance and regulations that are evolving on a regular basis, and a CISO must understand the risk those mandates impose on their company.”

In addition, CISOs must understand business risk. “This includes fiduciary risk, operational risk, and technology risk rolled into a bigger equation,” Whiteside said, “factoring in the overall impact to the company’s bottom line revenue, culture or people, whichever the company chooses [as] its most important asset based on that particular risk scenario.”

CISOs need to understand their role and place on the board, and keep in mind all of the areas they are responsible for in the organization, Steffen said. “It is possible, and likely, that they may have responsibilities outside of the realm of information security — compliance being one of those,” he said. “So they need to understand how best to contribute, while not overstepping their bounds.”

Finally, CISOs should have a good network of professionals in a variety of disciplines. “Most security professionals know that it is very difficult to achieve mature organizational security without help, either from third parties, vendors or those informal relationships among industry peers that can point [them] in the right direction,” Steffen said. “A CISO needs to have a strong address book to call on for anything that may arise.”

Comments

Post a Comment

Popular posts from this blog

Cybersecurity and Cryptography

Image
  Cybersecurity conferences  organized by ScienceFather group. ScienceFather takes the privilege to invite speakers, participants, students, delegates, and exhibitors from across the globe to its International Conference on cybersecurity conferences to be held in the Various Beautiful cites of the world. Cybersecurity conferences are a discussion of common Inventions-related issues and additionally trade information, share proof, thoughts, and insight into advanced developments in the science inventions service system. New technology may create many materials and devices with a vast range of applications, such as in Science, medicine, electronics, biomaterials, energy production, and consumer products. The focal point of  Cybersecurity  is to bring forward discoveries, examine the system and strategic issues, assemble and keep forth basic strategies between analysts, professionals, arrangement producers, and agents of science Associations. Essential Cybersecurity conferences emphasize
Read more

Cyber-Physical Systems Security

Image
  . Cyber-Physical Systems Security (CPSS) refers to the protection of cyber-physical systems, which are integrated systems that combine computational elements (cyber) with physical components (physical) to interact with the physical world. These systems are commonly found in critical infrastructure, industrial control systems, smart cities, autonomous vehicles, healthcare devices, and many other domains The importance of CPSS arises from the fact that cyber-physical systems are highly interconnected and susceptible to various security threats. A successful attack on these systems can lead to severe consequences, including physical harm, disruption of essential services, and economic losses. Ensuring the security of CPSS is crucial to safeguarding public safety and maintaining the functionality of critical infrastructures. Key challenges and considerations in Cyber-Physical Systems Security include: Interconnectedness: CPSS often involves numerous interconnected devices and networks, w
Read more

Cyber Bullying on Cybersecurity

Image
  Cyberbullying is  bullying - unwanted, repeated, aggressive, negative behavior - that takes place over digital devices like cell phones, tablets, and computers . Cyberbullying can happen over email, through texting, on social media, while gaming, on instant messaging, and through photo sharing. Cyberbullying is   a type of bullying in which one or more individuals use digital technologies to intentionally and repeatedly cause harm to another person . Cyberbullying  involves the use of information and communication technologies that support deliberate, hostile, and often repeated behaviour by an individual or group that is intended to hurt others . Whereas low self-esteem is usually linked to traditional bullying, many cyberbullies demonstrate a high perception of self-esteem in perceiving their relationships with peers as satisfying. However,  feelings of loneliness and a perception of unsafety at school  were often linked to cyberbullying. (2019) had the most extensive classificatio
Read more