Dr. Erdal Ozkaya

7 Tips to impactfully start your CISO job

Erdal, 2022-02-02T00:00:47-04:00

As CISO – especially in a new organization – you need to balance being a cybersecurity guru with business acumen. Of course, you will also need to start creating a cybersecurity strategy (or revise it if one exists), create a budget, build your team, and spend time managing the expectations of your stakeholders.

Below are the 7 essentials of starting your CISO role:

  1. Do you know what you are doing in your next 100 days? Do you know all your assets and crown jewels, and are they reflected in your 100-day plan?
  2. What is your Incident Response Plan? Are you ready to recover from a cyber attack? Did you assess the organization and present the findings to the board?
  3. Are you up to date? Did you prioritize the essential 10-15 critical few key controls, and are they tested and ready for coverage and maturity?
  4. What is your scope? Are roles and responsibilities defined in writing and assigned to accountable executives and their teams?
  5. Do you have a measurable cyber-resilient culture change program in place? Don’t forget it’s the CISO’s priority to work with the CEO/Board and create a cyber culture organization-wide, with Assume Breach in mind.
  6. Do you know your key customers? Did you start to reach out to them and build or strengthen relationships?
  7. Create and define your partners! Leverage new innovations.

Where do CISOs stand today?

The role of chief information security officer (CISO) is not what it was five or 10 years ago. According to those who find themselves in the role today, that’s not necessarily a bad thing.

In the past, chief security officers (CSOs) were over-glorified IT security administrators, babysitting the firewalls, arguing with software vendors over botched antivirus signature updates and cleaning spyware off infected laptops and desktop PCs. True, that’s still the role some CSOs in the Middle East region find themselves in, but for the majority the responsibility has shifted to looking at the big picture and designing the programme that balances acceptable risks against the unacceptable.

In an ideal world, today’s CISO hires someone else to handle all those technical security tasks. Of course, the question is whether you can inspire them to do what you once had to do or if you’ll turn them off with an attitude of superiority.

Being a CISO used to be a hard-core cybersecurity role; today, however, the function of the CISO involves much more business leadership and risk management. The job is now as much about helping C-suite executives understand risk as it is about bits. CISOs in any enterprise organization in the Middle East must have the skills to explain security to non-techies, build and maintain critical relationships, and communicate at both senior and operational levels. Soft skills are critical to evangelizing security initiatives and celebrating wins, which need to be expressed as business outcomes.

Cybersecurity is gaining importance due to the increased number of cyberattacks and the huge losses that victims are reporting. However, in many organizations the implementation of cybersecurity comes as a consequence of a threat or an attack. Organizations can decide to mount reactive, proactive and operational cyber-defenses, or a combination of the three, depending on financial capabilities and levels of exposure to threats. A CISO will go through the three types of approaches to implementing cybersecurity and help the organization choose the optimal cyber-defense strategy.

The best ways to foster an atmosphere of innovation 

Everything starts with building a team you can rely on, a team that can take ownership of client problems, a team that can benchmark against the best. As a leader, a CISO’s prime focus should be to create a culture of innovation and build effective teams that can focus on the work that needs to be done. We need to embrace experimentation and risk, as well as listen to the teams we build and challenge them as necessary. If you can empower your team with leadership that inspires and values them, an atmosphere that fosters innovation will eventually manifest itself.

What is a Cybersecurity Strategy?

A cybersecurity strategy is a plan for managing organizational security risk according to a defined risk tolerance, so that the organization can meet its business and organizational objectives and goals. In addition, the cybersecurity strategy shouldn’t focus on being as secure as possible, but on being as secure as necessary, and for that to happen you must balance security investments to keep security assurances strong.

Once you do that, you also need to understand the ‘threat actor factor’. Sophisticated attackers will only choose avenues that they can exploit successfully. If you look for the weakest links, know your vulnerabilities, try not to have any misconfigurations, minimize human error and have good vendors you can trust, you should be okay, and this will build even more confidence in getting the right support from the business as well as the IT teams.

How CISOs can reduce risk?

https://www.erdalozkaya.com/how-cisos-can-reduce-risk/

To read it on LinkedIn:

https://www.linkedin.com/pulse/how-cisos-can-reduce-risk-dr-erdal-ozkaya/

Microsoft Offers ‘Insights for the Progressive CISO’ to Cyber-Security Pros

https://www.erdalozkaya.com/microsoft-offers-to-cisos/

UAE CISOs Gather to Gain Insights on Latest Cyber-Security Trends From Renowned Industry Experts

CISO Definition by Wikipedia 

A chief information security officer (CISO) is the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO directs staff in identifying, developing, implementing, and maintaining processes across the enterprise to reduce information and information technology (IT) risks.

They respond to incidents, establish appropriate standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures. The CISO is also usually responsible for information-related compliance (e.g. supervises the implementation to achieve ISO/IEC 27001 certification for an entity or a part of it). The CISO is also responsible for protecting proprietary information and assets of the company, including the data of clients and consumers. CISO works with other executives to make sure the company is growing in a responsible and ethical manner.

Dr. Erdal Ozkaya © Copyright 2023. All Rights Reserved.