    How CISOs Can Demonstrate Business Value

    January 29, 2019 (Updated: January 29, 2019)


    CISOs Must Clearly Demonstrate Their Value to the Business in Dollars and Cents

    If you’re the typical CISO or other level of information security officer, chances are this job description sounds about right:

    “My role is to manage information security to keep the business secure.”

    And your success metrics – how you communicate what you do to the rest of the business – probably relate to maintenance and improvement of the technical aspects of security, such as vulnerabilities patched or NIST CSF maturity levels met.

    If that’s you, I’d argue that you have your job description only partially correct. In fact, your job, like everyone else’s in the organization, is not just about defending the business but about enabling the business to make money at an acceptable level of risk, cost-effectively.

    To truly succeed in their roles, CISOs must clearly demonstrate their value to the business in dollars and cents. That’s going to mean shifting their branding from “minimize threats and vulnerabilities” to include “providing options for business enablement”, where trade-offs between security investment levels and the resulting risks are clearly articulated so that informed business decisions can be made.

    CISOs need to focus on the strategic objectives of the business, as well as the people, technology and processes supporting the most important functions of the business. The technical side of security needs to be seen as part of that whole. Take, for example, your risk register. Most risk registers are run as a ledger book, a place to record control deficiencies, audit findings and policy exceptions, or just vague categories of worrisome things like “moving to the cloud”.

    Those entries may get categorized based on the gut feel of analysts as high-medium-low risk (most likely medium!) or just left in an undifferentiated pile. Either way, no effort is made to relate these “risks” to anything the business cares about – like a potential financial loss.

    ADP has a better way. The human resources and payroll services company, and one of the most sophisticated cyber risk managers around, has two rules for risk register management, as described by ADP’s Lead Security Consultant, Marta Palanques, at the FAIR Conference 2017:

    1. Every entry must relate to an IT asset that must in turn relate to a product line. For instance, the risk might be loss of a data center that knocks out servers that run applications that run products that bring in revenue.

    2. Every entry must be defined as a “loss event” according to the standard FAIR model (Factor Analysis of Information Risk) for cyber risk quantification, with a potential frequency and impact in dollar terms (as in lost revenue from the data center outage).

    A risk register like ADP’s clearly demonstrates the business value of cybersecurity, and quantification is the key. With an estimate in dollar terms of loss events, CISOs can also prioritize a Top Risks list based on relative ranges of potential losses, then rank, for instance, the cost of that application going down vs. the loss by data breach of the customer information tied to that application.

    The next step in the value chain is to answer the question, “Among our top risks, what’s the return on investment for mitigation?” Again, risk analysts can leverage the FAIR model, tweak inputs in given risk analyses and look at alternate scenarios, for instance, “Would implementing two-factor authentication reduce the probable losses enough to justify the investment?”
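An added example, not from the original article or from ADP: a small Monte Carlo over a register whose entries follow the two rules above, producing a Top Risks ranking and the ROI of one mitigation. The register figures, the triangular ranges, the Poisson arrival model and the assumed 70% frequency reduction from two-factor authentication are all constructed assumptions; this is a simplified frequency-times-impact model, not the full FAIR taxonomy.

```python
import random
from statistics import mean, quantiles

# Constructed register: every entry names an asset, the product line it
# supports, and a loss event with (min, most likely, max) ranges for
# events per year and dollars lost per event. All figures are made up.
REGISTER = [
    {"event": "Data center outage", "asset": "dc-east", "product": "Payroll",
     "freq": (0.1, 0.3, 1.0), "loss": (200_000, 750_000, 3_000_000)},
    {"event": "Customer data breach", "asset": "hr-portal", "product": "HR suite",
     "freq": (0.2, 0.5, 2.0), "loss": (100_000, 400_000, 5_000_000)},
    {"event": "Laptop theft", "asset": "field laptops", "product": "Sales",
     "freq": (1.0, 3.0, 6.0), "loss": (2_000, 5_000, 20_000)},
]

def tri(rng, lo, mode, hi):
    return rng.triangular(lo, hi, mode)  # stdlib argument order is low, high, mode

def simulate(entry, freq_factor=1.0, years=20_000, seed=7):
    """Return one simulated annual loss (USD) per trial year."""
    rng, out = random.Random(seed), []
    for _ in range(years):
        rate = tri(rng, *entry["freq"]) * freq_factor
        total, t = 0.0, rng.expovariate(rate)   # Poisson arrivals within one year
        while t < 1.0:
            total += tri(rng, *entry["loss"])
            t += rng.expovariate(rate)
        out.append(total)
    return out

def exposure(entry, **kw):
    losses = simulate(entry, **kw)
    return {"event": entry["event"], "mean": mean(losses),
            "p90": quantiles(losses, n=10)[-1]}

def top_risks(register):
    return sorted((exposure(e) for e in register), key=lambda r: -r["mean"])

def mitigation_roi(entry, freq_factor, annual_cost):
    """(loss avoided - cost) / cost for a control that scales event frequency."""
    avoided = exposure(entry)["mean"] - exposure(entry, freq_factor=freq_factor)["mean"]
    return (avoided - annual_cost) / annual_cost

if __name__ == "__main__":
    for r in top_risks(REGISTER):
        print(f'{r["event"]:<22} mean ${r["mean"]:>12,.0f}  p90 ${r["p90"]:>12,.0f}')
    # Assumed: two-factor authentication cuts breach frequency to 30% at $150k/yr
    print("2FA ROI:", round(mitigation_roi(REGISTER[1], 0.3, 150_000), 1))
```

Reporting the 90th percentile beside the mean keeps the range of potential losses visible, so a rare but expensive event is not hidden behind a modest average.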

    Next, risk analysts can seek to answer the question of whether actual loss exposure is decreasing over time. To do that, they identify the variables across the top risks that most influence the potential losses, and track and report on those Key Risk Indicators regularly.

    The ultimate demonstration of the value proposition of cybersecurity will come when CISOs have fully integrated their cyber risk quantification work into the organization’s enterprise risk management program, when they are able to discuss on equal terms with the keepers of market risk and financial risk how cybersecurity helps grow the value of the business. That may be a lofty goal, but it is one that starts with a tangible first step: implementing a businesslike approach to measuring cyber risk, built on a standard risk quantification model like FAIR.

    Nicola (Nick) Sanna is the CEO of RiskLens. In 2015, he championed the creation of a nonprofit expert organization, the FAIR Institute, which focuses on helping organizations manage information and operational risk from the business perspective. Prior to RiskLens, Nick was CEO of Netuitive, an IT Operations Analytics software company, and served as CEO of e-Security, a SIEM company that was ultimately sold to Novell. Earlier, Nick contributed to the growth of ASG as VP EMEA and as COO, and acted as the VP Sales and Marketing for Amplitude Int’l. Nick is a regular lecturer at universities across the US on the subject of social entrepreneurship and is an advisory board member of the business school at CUA. He is fluent in 5 languages and received a master’s degree in Economics and Trade from the University of Rome La Sapienza.
