Cybersecurity isn't an IT problem, it's a business problem

Cybersecurity isn't an IT problem, it's a business problem

up
327 readers like this

on

September 27, 2016
CIO Security Lock

The emergence of the CISO is a relatively recent phenomenon at many companies. Their success often relies upon educating the business from the ground up. In the process, companies become a lot better about how to handle security and certainly learn how not to handle it.

As a CIO, knowing the pulse of security is critical. I oversee a monthly technology steering committee that all the executives attend. The CISO reports during this meeting on the state of the security program. He also does an excellent job of putting risk metrics out there, color coded by red, yellow, and green. This kind of color grading allows us to focus attention on where we are and what we’re doing about it.

If you share a dashboard with executives regularly, they will become used to seeing it and accustomed to a conversation about current security realities. More importantly, what we have done — and this is all credit to our CISO — is to start a quarterly cybersecurity committee. This is a board-level committee, so everything reported in this meeting goes to the board as well. A cybersecurity council can allow for much more of a strategic discussion: “Here are the things we’re doing. Here’s the direction of the program. Here are some things that we’re looking to implement in the future.” It’s also an opportunity to talk about how the things that you’re going to do from a security standpoint might impact the business or benefit the business over the next months or quarters.

As I’ve said before, security isn’t an IT problem; it’s a business problem. That’s why it’s important to share articles and examples of how disruptive an attack can be to business. Now we’re more likely to hear an executive or board member say, “I saw this on the front page of The Wall Street Journal. How would this kind of exploit impact us?” And we have those kinds of conversations. So awareness is much higher.

The reality is, it’s often the publicity of other companies going through cybersecurity struggles that will help executives at your enterprise see that it could be you just as easily as it was them. They will start to ask a lot more questions because they want to know what is being done to protect them from something like that happening. Having the answers always puts IT and the CISO in a much stronger position.

One comment

Very well said, I totally

Very well said, I totally agree. Nowadays, due to more of digitization and Internet of things security management is under threat. We all know the data breach effects of IoT that apparently scares the IT department. I have read many good articles on cyber security, you can also read them here: https://goo.gl/aVRnBs

Tim Elkins joined PrimeLending in November 2008 as Senior Vice President, Chief Information Officer. In October 2012, Tim was promoted to executive vice president, chief information officer, and he is responsible for information security, IT operations, and technology initiatives. Before joining PrimeLending, he served as chief information officer at AmericaHomeKey and BSM Financial. Tim has more than 20 years of experience in the mortgage industry.

7 New CIO Rules of Road

CIOs: We welcome you to join the conversation

Related Topics

Submitted By Anil Somani
August 23, 2019

Sweeping transformations aren't the only area where organizations need change agents. Here's how to find and nurture people who are eager to make incremental changes every day. 

Submitted By Michael Crones
August 22, 2019

If IT has become disconnected from the business, it may be time to rethink your org chart. Draper's CIO shares how his team forged a tighter business relationship using a new IT role.

Submitted By Jason Lasseigne
August 22, 2019

Balancing high starting salaries for new graduates with those of IT veterans may feel challenging – but it doesn’t have to be. Are you truly taking care of your stars?

x

Email Capture

Keep up with the latest thoughts, strategies, and insights from CIOs & IT leaders.