SlideShare ist ein Scribd-Unternehmen logo

Cyber security: five leadership issues worthy of Board and executive attention

R
Ramón Gómez de Olea y Bustinza

Russell Reynolds Associates aborda cinco cuestiones de liderazgo en materia de ciberseguridad que los Consejos de Administración y los ejecutivos deben preguntarse. Estas cuestiones abarcan diversos aspectos, desde el nivel de preparación del Consejo hasta la gestión del talento para proteger el negocio de una forma integral.

Leadership & Management
1 von 10
Downloaden Sie, um offline zu lesen
1 Cyber Security: Five Leadership Issues Worthy of Board and Executive Attention
2 Introduction How effectively does your board discuss emerging risks like cyber security? How plugged-in is your CISO? How effective is your chief information security officer (CISO) at clarifying the nature and urgency of cyber security risk with your board and executive team? Does your CISO maintain a siloed technology view or a broader business/risk view? Do you have the right leadership and talent in place to protect your business? 1 2 3 4 5
3 Board Readiness BOARD KNOWLEDGE OF EMERGING RISKS2 Despite changes in how boards view risk allocation—and additional focus on financial risk—most directors lack knowledge of emerging risks like cyber security. Director Understanding of Cyber Security Risks How effectively does your board address emerging risks like cyber security? Successful security strategies require boards to play a fundamental role. While boards have focused on mitigating financial risk by way of audit committees, they must now broaden their focus to include emerging risks like cyber security. As cyber security becomes a greater concern, boards must play a more active role in navigating their firm through an increasingly complex and challenging environment. Some knowledge 70.3%Little knowledge 19.2% High level of knowledge 10.5% VIEW FROM CISOs: IS YOUR BOARD OF DIRECTORS CONCERNED WITH SECURITY?1 Yes No Don’t know 78.73% 9.72% 11.55% KEY POINTS Being proactive by embracing a broader risk management approach and prioritizing key issues like cyber security are no longer options but a necessity. Managing risk is increasingly a board-wide function as focus on emerging threats like cyber security continues to increase. While boards give more of their attention to major risks like cyber security, most directors still lack a deep understanding of cyber security risk. 1. “No Respect: Chief Information Security Officers Misunderstood and Underappreciated by their C-level Peers,” ThreatTrack Security, 2014. 2. “2014-2015 Public Company Governance Survey,” National Association of Corporate Directors.
4 Clarifying Risk and Driving Urgency How effective is your CISO at clarifying the nature and urgency of cyber security risk with your board and executive team? As organizations continue to focus their attention on cyber security risks, CISOs will remain fundamental to developing and implementing the organization’s security strategy and vision. With boards increasingly dependent on CISOs for both information and the execution of security strategy, organizations must have the right security leadership in place and the proper reporting structure to establish key communication channels with the broader leadership team and to protect the enterprise. WHILE CYBER SECURITY IS A GROWING CONCERN, THERE STILL REMAINS A LACK OF COMMUNICATION BETWEEN THE EXECUTIVE TEAM AND THE CISO HAVING THE WRONG COMMUNICATION CHANNELS WITHIN AN ORGANIZATION HAS REAL FINANCIAL CONSEQUENCES5 TO WHOM DOES SECURITY REPORT IN YOUR ORGANIZATION?1 Despite the prominence of cyber security threats, most CISOs continue to report to the CIO. CEO 19.97% CFO 5.96% Audit 3.54% Board of Directors 10.79% CIO 59.74% 14% Organizations in which the CISO reported to the CIO experienced 14% more downtime due to cyber security incidents than those organizations in which the CISO reported directly to the CEO. 46% Financial losses were 46% higher in organizations where the CISO reported to the CIO than when the CISO reported to the CEO. According to PwC’s The Global State of Information Security Survey 2014, having the CISO report to almost any position in senior management other than the CIO (board of directors, CFO, etc.) reduced financial losses from cyber incidents. 49% of respondents in The Global State of Information Security Survey 2015 by PricewaterhouseCoopers said their organization had a cross- organizational team that regularly convenes to discuss, coordinate, and communicate information security issues.4 KEY POINTS Despite cyber security’s growing prominence, there remains a lack of communication between security leaders and senior leadership. Many firms still don’t have a proper reporting structure in place to establish better communication channels. Evidence suggests that having the CISO report to the CIO increases the likelihood and severity of security incidents. 1. State of Cybersecurity: Implications for 2015, ISACA and RSA Conference Study. 2. Ibid. 3. US Cybersecurity: Progress Stalled – Key Findings from the 2015 US State of Cybercrime Survey, PwC, 2015. 4. The Global State of Information Security Survey 2015, PwC. 5. Ibid. 26% of respondents in a PricewaterhouseCoopers survey of over 500 executives and public officials said their CISO makes a security presentation to the board only once a year, while 30% of respondents said their senior security executive makes quarterly security presentations. 28% of respondents said their security leaders make no presentation at all.3
5 IT Expert or Business Leader? Does your CISO maintain a siloed technology view or a broader business/risk view? CISOs must operate strategically, ensuring clearly visible alignment between business strategy and cyber security strategy. Top CISOs have an influential and compelling voice at board meetings and in executive committee discussions. And CISOs articulate cyber security strategy not as a simple cost of doing business but, instead, as a crucial enabler of business outcomes. WHAT IS THE BIGGEST SKILL GAP YOU SEE IN TODAY’S SECURITY PROFESSIONALS?1 MANY CISOs STILL LACK THE CLOUT WITHIN THEIR ORGANIZATION TO UNDERSTAND THE BUSINESSES THEY PROTECT, THOUGH THIS UNDERSTANDING IS BECOMING INCREASINGLY IMPORTANT TO THEIR ROLE. 4 The growing complexity of organizations requires CISOs to both protect the enterprise and support broader business objectives. Managing this balance is increasingly important, not just to the near-term health of the business but to the long-term clout of the CISO role, a role that many organizations have elevated and have included in broader strategic decision making. Technical skills Ability to understand the business Communication 46% 42% 72% There is a prevailing sense that individuals in the CISO role are specialists with a narrow skill set. While half of executives believed CISOs provide valuable guidance to leadership, nearly one-fifth view the role as primarily an advisor to the CIO on cyber security strategy. 62% of CISOs developed their security strategy in conjunction with other strategies (primarily IT, risk and operations).3 61% of executives did not believe their CISO would succeed in a non-information security leadership position within their organization. 68% of executives did not agree that CISOs possessed broad awareness of organizational objectives and business needs outside of information security. 74% of executives did not believe CISOs should be part of organizational leadership teams. 28% of executives said a decision by their CISO has hurt their business’ bottom line.2 1. State of Cybersecurity: Implications for 2015, ISACA and RSA Conference Study 2. “No Respect: Chief Information. Security Officers Misunderstood and Underappreciated by their C-level Peers,” ThreatTrack Security, 2014. 3. Fortifying for the Future of Security, IBM 2014 CISO Assessment. 4. “No Respect: Chief Information Security Officers Misunderstood and Underappreciated by their C-level Peers,” ThreatTrack Security, 2014. KEY POINTS The CISO role demands a strong understanding of the business, not just technical ability. There still remains a large number of security leaders who do not build their security strategy around the business. Many executives do not understand the CISO’s new, expanding role, which makes it challenging for CISOs to exert influence across the company and align cyber strategy with business strategy.
6 Having a Strong Relationship Network How plugged-in is your CISO? Information sharing has never been more essential. CISOs need a strong external network to better understand the extent of their vulnerabilities, to adopt best practices and to attract security talent. Being externally focused and proactive rather than internally focused is essential. SHARING THREAT INFORMATION1 CISOs face an increasingly complex security ecosystem. Communication among members of the ecosystem is extremely important, but organizations still are underperforming in this area. EXTERNAL COLLABORATION IS MORE IMPORTANT FOR MAINTAINING INDUSTRY BEST PRACTICES AND COUNTERING THREATS FROM THE SAME SOURCE3 1. Fortifying for the Future of Security, IBM 2014 CISO Assessment. 2. Ibid. 3. ibid. of security vendors share information 57% of industry peers share information 51% of government organizations/agencies share information 43% of suppliers share information 22% Security ecosystem Suppliers Government organizations/ agencies Industry peers Security vendors “External collaboration gives security leaders a chance to observe industry practices and evolve with their peers to better understand where the “good stuff” is happening... The reality of today’s expansive threat landscape is that we can’t fully protect everything. Other firms face the same challenge so hearing the perspectives of my peers helps to improve our strategies around our most sensitive information.”2 John Taylor, former Global Head of IT Security, British American Tobacco 62% vs. 42% of security leaders believed industry-related security groups will become more necessary in the next three to five years. 86% While 62% of security leaders strongly agreed that the risk level to their organization was increasing due to the number of interactions and connections with customers, suppliers and partners, only 42% of organizations were a member of a formal industry-related security forum/group. KEY POINTS Protecting not just the firm but the ecosystem is becoming increasingly essential for organizations. In order to protect the ecosystem, CISOs must be externally focused and proactively build a strong network of contacts among customers, suppliers, security vendors, and government agencies. Regular communication among the firm’s existing stakeholders in the ecosystem is and will continue to be an important part of a sound security strategy.
7 Talent Is the Best Defense Do you have the right leadership and talent in place to protect your business? The increasing complexity of cyber security threats requires new types of security leaders who can go beyond their traditionally narrow technical domains and understand how to protect the business in a holistic way. Cyber security leaders who can effectively do these things are scarce. With a high demand for talent and a low supply, knowing where to look for talent will become increasingly critical. KEY POINTS As cyber security persists as a primary concern, the focus will shift heavily on talented leaders with both technical aptitude and business acumen. With a limited supply of talent, organizations must know where to find top talent in markets and sectors with which they may not be familiar, including the public sector. Developing bench strength below the CISO will become increasingly important as organizational challenges become more complex. THE CYBER TALENT GAP WILL PERSIST1 A study by the Ponemon Institute for Raytheon in 2015 showed that the verdict across regions was the same: Organizations need more knowledgeable and experienced cyber security practitioners. My Organization Needs More Knowledgeable and Experienced Cyber Security Practitioners FACTORS THAT WILL HINDER IMPROVEMENT OVER THE NEXT THREE YEARS2 WHERE DOES CYBER SECURITY TALENT COME FROM? CYBER SECURITY ARCHETYPES3 : 1. 2015 Global Megatrends in Cybersecurity, Ponemon Institute for Raytheon, February 2015. 2. Ibid. 3. Russell Reynolds Associates proprietary study. U.S. UK/Europe Middle East/ North Africa 67% 66% 65% Inability to hire and retain expert staff Lack of actionable intelligence Inability to minimize employee risk Lack of funding Lack of suitable technologies Increase in complexity Lack of C-level support Lack of cyber security leadership Increase in compliance burden 45% 44% 43% 34% 33% 31% 29% 22% 19% Organizations trying to prepare for the future face a number of challenges, including finding top talent. According to a major survey by the Ponemon Institute for Raytheon, the primary factor hindering improvement in cyber defense is the inability to hire and retain staff (45%), followed by a lack of actionable intelligence (44%) and the inability to curb employee-related security risks (43%). Profile 1: Professional Services/Audit Profile 2: General Technologists Profile 3: Military or Law Enforcement Professionals Profile 4: Cyber Security Threat Intelligence Specialists Profile 5: Corporate Development/ Strategy Executives Often holding a technical degree in engineering or computer science, these executives typically begin their career in the cyber security function of a large organization and climb their way to the top. Frequently holding a technical degree in engineering or computer science, these executives normally begin their career in corporate IT (e.g., applications development) and migrate to a specialization in cyber security. Less commonly holding a technical degree, these executives begin their career in the military or law enforcement, gaining technical expertise via experience and rising to a senior cyber security role before migrating to a senior position within the cyber security function of a corporation. Cutting-edge cyber threat intelligence specialists who are extremely technical, often coming out of organizations like the National Security Agency or the broader intelligence community. An emerging class of business leaders who are trained in cyber security and are positioned for broader risk management roles.
8 GLOBAL OFFICES Americas Atlanta Boston Buenos Aires Calgary Chicago Dallas Houston Los Angeles Mexico City Minneapolis/St. Paul Montréal New York Palo Alto San Francisco São Paulo Stamford Toronto Washington, D.C. EMEA Amsterdam Barcelona Brussels Copenhagen Dubai Frankfurt Hamburg Helsinki Istanbul London Madrid Milan Munich Oslo Paris Stockholm Warsaw Zurich Asia/Pacific Beijing Hong Kong Melbourne Mumbai New Delhi Seoul Shanghai Singapore Sydney Tokyo Russell Reynolds Associates is a global leader in assessment, recruitment and succession planning for boards of directors, chief executive officers and key roles within the C-suite. With more than 370 consultants in 46 offices around the world, we work closely with both public and private organizations across all industries and regions. We help our clients build boards and executive teams that can meet the challenges and opportunities presented by the digital, economic, environmental and political trends that are reshaping the global business environment. www.russellreynolds.com. Follow us on Twitter: @RRAonLeadership.
9 © Copyright 2015, Russell Reynolds Associates. All rights reserved. Americas Atlanta 1180 Peachtree St., NE Suite 2250 Atlanta, GA 30309-3521 United States of America Tel: +1-404-577-3000 Boston One Federal Street, 26th Fl. Boston, MA 02110-1007 United States of America Tel: +1-617-523-1111 Buenos Aires Manuela Sáenz 323 7th Floor, Suites 14 & 15 C1107BPA, Buenos Aires Argentina Tel: +54-11-4118-8900 Calgary Suite 750, Ernst & Young Tower 440-2nd Avenue SW Calgary, Alberta T2P 5E9 Canada Tel: +1-403-776-4175 Chicago 155 North Wacker Drive Suite 4100 Chicago, IL 60606-1732 United States of America Tel: +1-312-993-9696 Dallas 200 Crescent Court, Suite 1000 Dallas, TX 75201-1834 United States of America Tel: +1-214-220-2033 Houston 600 Travis Street, Suite 2200 Houston, TX 77002-2910 United States of America Tel: +1-713-754-5995 Los Angeles 11100 Santa Monica Blvd. Suite 350 Los Angeles, CA 90025-3384 United States of America Tel: +1-310-775-8940 Mexico City Torre Reforma 115 Paseo de la Reforma 115-1502 Lomas de Chapultepec 11000 México, D.F. México Tel: +52-55-5249-5130 Minneapolis/St. Paul IDS Center 80 South 8th St, Suite 1425 Minneapolis, MN 55402-2100 United States of America Tel: +1-612-332-6966 Montréal 2000, avenue McGill College 6e étage Montréal (Québec) H3A 3H3 Canada Tel: +1-514-416-3300 New York 200 Park Avenue Suite 2300 New York, NY 10166-0002 United States of America Tel: +1-212-351-2000 Palo Alto 260 Homer Avenue, Suite 202 Palo Alto, CA 94301-2777 United States of America Tel: +1-650-233-2400 San Francisco 101 California Street Suite 2900 San Francisco, CA 94111-5829 United States of America Tel: +1-415-352-3300 São Paulo Edifício Eldorado Business Tower Av. Nações Unidas, 8.501 11º 05425-070 São Paulo Brazil Tel: +55-11-3566-2400 Stamford 301 Tresser Boulevard Suite 1210 Stamford, CT 06901-3250 United States of America Tel: +1-203-905-3341 Toronto 40 King Street West Scotia Plaza, Suite 3410 Toronto, ON M5H 3Y2 Canada Tel: +1-416-364-3355 Washington, D.C. 1700 New York Avenue, NW Suite 400 Washington, D.C. 20006-5208 United States of America Tel: +1-202-654-7800 Asia/Pacific Beijing Unit 3422 China World Offfice 1 No. 1 Jian Guo Men Wai Avenue Beijing 100004 China Tel: +86-10-6535-1188 Hong Kong Room 1801, Alexandra House 18 Chater Road Central Hong Kong, China Tel: +852-2523-9123 Melbourne Level 51, Rialto Towers 525 Collins Street Melbourne, VIC 3000 Australia Tel: +61-3-9603-1300 Mumbai 63, 3 North Avenue, Maker Maxity Bandra Kurla Complex Bandra (East), Mumbai 400 051 India Tel: +91-22-6733-2222 New Delhi One Horizon Center, 14th floor Golf Course Road, Sector 43 DLF Phase-V, Gurgaon 122 002, Haryana India Tel: +91-11-4603-4600 Seoul 16F West Tower Mirae Asset Centre 1 Building 26 Eulji-ro 5-gil, Jung-gu Seoul 100-210 Korea Tel: +82-2-6030-3200 Shanghai Room 4504, Jin Mao Tower 88 Century Avenue Shanghai 200121 China Tel: +86-21-6163-0888 Singapore 12 Marina View #18-01 Asia Square Tower 2 Singapore 018961 Tel: +65-6225-1811 Sydney Level 25 1 Bligh Street Sydney NSW 2000 Australia Tel: +61-2-9258-3100 Tokyo Akasaka Biz Tower 37F 5-3-1 Akasaka Minato-ku, Tokyo 107-6337 Japan Tel: +81-3-5114-3700 EMEA Amsterdam World Trade Center, Tower H, 18th Floor Zuidplein 148 1077 XV Amsterdam The Netherlands Tel: +31-20-305-7630 Barcelona Avda. Diagonal, 613 2˚A 08028 Barcelona Spain Tel: +34-93-494-9400 Brussels Boulevard Saint-Michel 27 B-1040 Brussels Belgium Tel: +32-2-743-12-20 Copenhagen Kongens Nytorv 3 1050 Copenhagen K Denmark Tel: +45-33-69-23-20 Dubai Burj Daman Offices Tower Office C610, 6th floor DIFC, PO Box 507008 Dubai United Arab Emirates Tel: +971 50 6574346 Frankfurt OpernTurm, 60306 Frankfurt am Main Germany Tel: +49-69-75-60-90-0 Hamburg Stadthausbrücke 1-3/Fleethof 20355 Hamburg Germany Tel: +49-40-48-06-61-0 Helsinki Unioninkatu 22 00130 Helsinki Finland Tel: +358-9-6226-7000 Istanbul Cumhuriyet Cad. No 48 Kat: 4/B Pegasus Evi Elmadağ 34367 Şişli Istanbul / Türkiye Tel: +90-212-705-3550 London Almack House 28 King Street London SW1Y 6QW United Kingdom Tel: +44-20-7839-7788 Madrid Miguel Angel, 11, 7° 28010 Madrid Spain Tel: +34-91-319-7100 Milan Corso Giacomo Matteotti, 3 20121 Milan Italy Tel: +39-02-430-015-1 Munich Maximilianstraße 12-14 80539 München Germany Tel: +49-89-24-89-81-3 Oslo Haakon VIIs Gata 1 NO-0161 Oslo Norway Tel: +47-2203-8010 Paris 20 rue de la Paix 75002 Paris France Tel: +33-1-49-26-13-00 Stockholm Hamngatan 27 SE-111 47 Stockholm Sweden Tel: +46-8-545-074-40 Warsaw Belvedere Plaza ul. Belwederska 23 00-761 Warsaw Poland Tel: +48-22-851-68-38 Zürich Stampfenbachstrasse 5 8001 Zurich Switzerland Tel: +41-44-447-30-30
10 RussellReynolds.com

Empfohlen

Websense
WebsenseWebsense
WebsenseCMR WORLD TECH
 
Cyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attentionCyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attentionRamón Gómez de Olea y Bustinza
 
10 Questions for the C-Suite in Assessing Cyber Risk
10 Questions for the C-Suite in Assessing Cyber Risk10 Questions for the C-Suite in Assessing Cyber Risk
10 Questions for the C-Suite in Assessing Cyber RiskMark Gibson
 
What is WebSense?
What is WebSense?What is WebSense?
What is WebSense?touchdown777a
 
Leveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityLeveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityShareDocView.com
 
IREC165473PR RP 2017 Security Outlook
IREC165473PR RP 2017 Security OutlookIREC165473PR RP 2017 Security Outlook
IREC165473PR RP 2017 Security OutlookChris Cornillie
 
Finding a strategic voice
Finding a strategic voiceFinding a strategic voice
Finding a strategic voiceIBM India Smarter Computing
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015Scott Smith
 

Empfohlen

Websense
WebsenseWebsense
WebsenseCMR WORLD TECH
 
Cyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attentionCyber security: Five leadership issues worthy of board and executive attention
Cyber security: Five leadership issues worthy of board and executive attentionRamón Gómez de Olea y Bustinza
 
10 Questions for the C-Suite in Assessing Cyber Risk
10 Questions for the C-Suite in Assessing Cyber Risk10 Questions for the C-Suite in Assessing Cyber Risk
10 Questions for the C-Suite in Assessing Cyber RiskMark Gibson
 
What is WebSense?
What is WebSense?What is WebSense?
What is WebSense?touchdown777a
 
Leveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityLeveraging Board Governance for Cybersecurity
Leveraging Board Governance for CybersecurityShareDocView.com
 
IREC165473PR RP 2017 Security Outlook
IREC165473PR RP 2017 Security OutlookIREC165473PR RP 2017 Security Outlook
IREC165473PR RP 2017 Security OutlookChris Cornillie
 
Finding a strategic voice
Finding a strategic voiceFinding a strategic voice
Finding a strategic voiceIBM India Smarter Computing
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015Scott Smith
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworksAndréanne Clarke
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015John Budriss
 
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Sarah Nirschl
 
Cybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of DirectorsCybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of DirectorsPaul Feldman
 
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldRSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldEMC
 
Improving Cyber Security Literacy in Boards & Executives
Improving Cyber Security Literacy in Boards & ExecutivesImproving Cyber Security Literacy in Boards & Executives
Improving Cyber Security Literacy in Boards & ExecutivesTripwire
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the BoardroomMarko Suswanto
 
Cybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesCybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesJoseph DeFever
 
Weakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainWeakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainSanjay Chadha, CPA, CA
 
Windstream Cloud Security Checklist
Windstream Cloud Security Checklist Windstream Cloud Security Checklist
Windstream Cloud Security Checklist Ideba
 
speaking-to-board-securiity-whitepaper
speaking-to-board-securiity-whitepaperspeaking-to-board-securiity-whitepaper
speaking-to-board-securiity-whitepaperBilha Diaz
 
Sans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business MissionSans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business MissionTripwire
 
Ask the Experts final
Ask the Experts finalAsk the Experts final
Ask the Experts finalDaren Dunkel
 
The case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmThe case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmDavid Sweigert
 
To Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsTo Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsElizabeth Dimit
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)Sarah Jarvis
 
Risksense: 7 Experts on Threat and Vulnerability Management
Risksense: 7 Experts on Threat and Vulnerability ManagementRisksense: 7 Experts on Threat and Vulnerability Management
Risksense: 7 Experts on Threat and Vulnerability ManagementMighty Guides, Inc.
 
Adam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer: Managing Advanced Cyber Threats for In-House CounselAdam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer: Managing Advanced Cyber Threats for In-House CounselAdam Palmer
 
Insights from the IBM Chief Information Security Officer Assessment
Insights from the IBM Chief Information Security Officer AssessmentInsights from the IBM Chief Information Security Officer Assessment
Insights from the IBM Chief Information Security Officer AssessmentIBM Security
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 
2015 IA survey - Protiviti
2015 IA survey - Protiviti2015 IA survey - Protiviti
2015 IA survey - ProtivitiSimone Luca Giargia
 
Securing the Digital Future
Securing the Digital FutureSecuring the Digital Future
Securing the Digital FutureCognizant
 

Weitere ähnliche Inhalte

Was ist angesagt?

From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworksAndréanne Clarke
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015John Budriss
 
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Sarah Nirschl
 
Cybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of DirectorsCybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of DirectorsPaul Feldman
 
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldRSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldEMC
 
Improving Cyber Security Literacy in Boards & Executives
Improving Cyber Security Literacy in Boards & ExecutivesImproving Cyber Security Literacy in Boards & Executives
Improving Cyber Security Literacy in Boards & ExecutivesTripwire
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the BoardroomMarko Suswanto
 
Cybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesCybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesJoseph DeFever
 
Weakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainWeakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainSanjay Chadha, CPA, CA
 
Windstream Cloud Security Checklist
Windstream Cloud Security Checklist Windstream Cloud Security Checklist
Windstream Cloud Security Checklist Ideba
 
speaking-to-board-securiity-whitepaper
speaking-to-board-securiity-whitepaperspeaking-to-board-securiity-whitepaper
speaking-to-board-securiity-whitepaperBilha Diaz
 
Sans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business MissionSans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business MissionTripwire
 
Ask the Experts final
Ask the Experts finalAsk the Experts final
Ask the Experts finalDaren Dunkel
 
The case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmThe case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmDavid Sweigert
 
To Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsTo Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsElizabeth Dimit
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)Sarah Jarvis
 
Risksense: 7 Experts on Threat and Vulnerability Management
Risksense: 7 Experts on Threat and Vulnerability ManagementRisksense: 7 Experts on Threat and Vulnerability Management
Risksense: 7 Experts on Threat and Vulnerability ManagementMighty Guides, Inc.
 
Adam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer: Managing Advanced Cyber Threats for In-House CounselAdam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer: Managing Advanced Cyber Threats for In-House CounselAdam Palmer
 

Was ist angesagt? (18)

From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworks
 
CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015CISO_Paper_Oct27_2015
CISO_Paper_Oct27_2015
 
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
Perception Gaps in Cyber Resilience: What Are Your Blind Spots?
 
Cybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of DirectorsCybersecurity Goverence for Boards of Directors
Cybersecurity Goverence for Boards of Directors
 
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected WorldRSA Security Brief : Taking Charge of Security in a Hyperconnected World
RSA Security Brief : Taking Charge of Security in a Hyperconnected World
 
Improving Cyber Security Literacy in Boards & Executives
Improving Cyber Security Literacy in Boards & ExecutivesImproving Cyber Security Literacy in Boards & Executives
Improving Cyber Security Literacy in Boards & Executives
 
Cybersecurity in the Boardroom
Cybersecurity in the BoardroomCybersecurity in the Boardroom
Cybersecurity in the Boardroom
 
Cybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & PracticesCybersecurity: Perceptions & Practices
Cybersecurity: Perceptions & Practices
 
Weakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chainWeakest links of an organization's Cybersecurity chain
Weakest links of an organization's Cybersecurity chain
 
Windstream Cloud Security Checklist
Windstream Cloud Security Checklist Windstream Cloud Security Checklist
Windstream Cloud Security Checklist
 
speaking-to-board-securiity-whitepaper
speaking-to-board-securiity-whitepaperspeaking-to-board-securiity-whitepaper
speaking-to-board-securiity-whitepaper
 
Sans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business MissionSans 20 CSC: Connecting Security to the Business Mission
Sans 20 CSC: Connecting Security to the Business Mission
 
Ask the Experts final
Ask the Experts finalAsk the Experts final
Ask the Experts final
 
The case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firmThe case for a Cybersecurity Expert on the Board of an SEC firm
The case for a Cybersecurity Expert on the Board of an SEC firm
 
To Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great CollaboratorsTo Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
To Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators
 
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
SYMANTEC_DELOITTE_PARTNERSHIP-UK (3)
 
Risksense: 7 Experts on Threat and Vulnerability Management
Risksense: 7 Experts on Threat and Vulnerability ManagementRisksense: 7 Experts on Threat and Vulnerability Management
Risksense: 7 Experts on Threat and Vulnerability Management
 
Adam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer: Managing Advanced Cyber Threats for In-House CounselAdam Palmer: Managing Advanced Cyber Threats for In-House Counsel
Adam Palmer: Managing Advanced Cyber Threats for In-House Counsel
 

Ähnlich wie Cyber security: five leadership issues worthy of Board and executive attention

Insights from the IBM Chief Information Security Officer Assessment
Insights from the IBM Chief Information Security Officer AssessmentInsights from the IBM Chief Information Security Officer Assessment
Insights from the IBM Chief Information Security Officer AssessmentIBM Security
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementDaren Dunkel
 
Securing the Digital Future
Securing the Digital FutureSecuring the Digital Future
Securing the Digital FutureCognizant
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...International Federation of Accountants
 
Cyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadCyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadsavassociates1
 
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...Accenture Technology
 
Priming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraPriming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraLuke Farrell
 
Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?EMC
 
Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?EMC
 
Cisco Yıllık Güvenlik Raporu 2015
Cisco Yıllık Güvenlik Raporu 2015Cisco Yıllık Güvenlik Raporu 2015
Cisco Yıllık Güvenlik Raporu 2015Marketing Türkiye
 
Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Rahul Neel Mani
 
Norman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respondNorman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respondLydia Shepherd
 
BLACKOPS_USCS CyberSecurity Literacy
BLACKOPS_USCS CyberSecurity LiteracyBLACKOPS_USCS CyberSecurity Literacy
BLACKOPS_USCS CyberSecurity LiteracyCasey Fleming
 
Harvey Nash UK & IRE Cyber Security Survey 2016
Harvey Nash UK & IRE Cyber Security Survey 2016Harvey Nash UK & IRE Cyber Security Survey 2016
Harvey Nash UK & IRE Cyber Security Survey 2016Bryan Smith
 
Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013EY
 
Four mistakes to avoid when hiring your next security chief (print version ...
Four mistakes to avoid when hiring your next security chief (print version ...Four mistakes to avoid when hiring your next security chief (print version ...
Four mistakes to avoid when hiring your next security chief (print version ...Niren Thanky
 
1674749167063.pdf
1674749167063.pdf1674749167063.pdf
1674749167063.pdfAlemayehu
 

Ähnlich wie Cyber security: five leadership issues worthy of Board and executive attention (20)

Insights from the IBM Chief Information Security Officer Assessment
Insights from the IBM Chief Information Security Officer AssessmentInsights from the IBM Chief Information Security Officer Assessment
Insights from the IBM Chief Information Security Officer Assessment
 
A CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk ManagementA CIRO's-eye view of Digital Risk Management
A CIRO's-eye view of Digital Risk Management
 
2015 IA survey - Protiviti
2015 IA survey - Protiviti2015 IA survey - Protiviti
2015 IA survey - Protiviti
 
Securing the Digital Future
Securing the Digital FutureSecuring the Digital Future
Securing the Digital Future
 
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
Responding to Cybersecurity Threats: What SMEs and Professional Accountants N...
 
Cyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor uploadCyber presentation spet 2019 v8sentfor upload
Cyber presentation spet 2019 v8sentfor upload
 
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal - Full...
 
Priming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive eraPriming your digital immune system: Cybersecurity in the cognitive era
Priming your digital immune system: Cybersecurity in the cognitive era
 
Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?
 
Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?Managing Cyber Risk: Are Companies Safeguarding Their Assets?
Managing Cyber Risk: Are Companies Safeguarding Their Assets?
 
Cisco Yıllık Güvenlik Raporu 2015
Cisco Yıllık Güvenlik Raporu 2015Cisco Yıllık Güvenlik Raporu 2015
Cisco Yıllık Güvenlik Raporu 2015
 
Security Incident Response Readiness Survey
Security Incident Response Readiness Survey Security Incident Response Readiness Survey
Security Incident Response Readiness Survey
 
Norman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respondNorman Broadbent Cybersecurity Report - How should boards respond
Norman Broadbent Cybersecurity Report - How should boards respond
 
Cybersecurity report-vol-8
Cybersecurity report-vol-8Cybersecurity report-vol-8
Cybersecurity report-vol-8
 
Ey giss-under-cyber-attack
Ey giss-under-cyber-attackEy giss-under-cyber-attack
Ey giss-under-cyber-attack
 
BLACKOPS_USCS CyberSecurity Literacy
BLACKOPS_USCS CyberSecurity LiteracyBLACKOPS_USCS CyberSecurity Literacy
BLACKOPS_USCS CyberSecurity Literacy
 
Harvey Nash UK & IRE Cyber Security Survey 2016
Harvey Nash UK & IRE Cyber Security Survey 2016Harvey Nash UK & IRE Cyber Security Survey 2016
Harvey Nash UK & IRE Cyber Security Survey 2016
 
Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013Under cyber attack: EY's Global information security survey 2013
Under cyber attack: EY's Global information security survey 2013
 
Four mistakes to avoid when hiring your next security chief (print version ...
Four mistakes to avoid when hiring your next security chief (print version ...Four mistakes to avoid when hiring your next security chief (print version ...
Four mistakes to avoid when hiring your next security chief (print version ...
 
1674749167063.pdf
1674749167063.pdf1674749167063.pdf
1674749167063.pdf
 

Kürzlich hochgeladen

GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607
GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607
GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607dollysharma2066
 
Beyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable developmentBeyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable developmentNimot Muili
 
BDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
Agile Coaching Change Management Framework.pptx
Agile Coaching Change Management Framework.pptxAgile Coaching Change Management Framework.pptx
Agile Coaching Change Management Framework.pptxalinstan901
 
Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...
Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...
Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...Pooja Nehwal
 
International Ocean Transportation p.pdf
International Ocean Transportation p.pdfInternational Ocean Transportation p.pdf
International Ocean Transportation p.pdfAlejandromexEspino
 
Day 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC BootcampDay 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC BootcampPLCLeadershipDevelop
 
internal analysis on strategic management
internal analysis on strategic managementinternal analysis on strategic management
internal analysis on strategic managementharfimakarim
 
Call Now Pooja Mehta : 7738631006 Door Step Call Girls Rate 100% Satisfactio...
Call Now Pooja Mehta : 7738631006 Door Step Call Girls Rate 100% Satisfactio...Call Now Pooja Mehta : 7738631006 Door Step Call Girls Rate 100% Satisfactio...
Call Now Pooja Mehta : 7738631006 Door Step Call Girls Rate 100% Satisfactio...Pooja Nehwal
 
Strategic Management, Vision Mission, Internal Analsysis
Strategic Management, Vision Mission, Internal AnalsysisStrategic Management, Vision Mission, Internal Analsysis
Strategic Management, Vision Mission, Internal Analsysistanmayarora45
 
Safety T fire missions army field Artillery
Safety T fire missions army field ArtillerySafety T fire missions army field Artillery
Safety T fire missions army field ArtilleryKennethSwanberg
 
Dealing with Poor Performance - get the full picture from 3C Performance Mana...
Dealing with Poor Performance - get the full picture from 3C Performance Mana...Dealing with Poor Performance - get the full picture from 3C Performance Mana...
Dealing with Poor Performance - get the full picture from 3C Performance Mana...Hedda Bird
 
Reviewing and summarization of university ranking system to.pptx
Reviewing and summarization of university ranking system to.pptxReviewing and summarization of university ranking system to.pptx
Reviewing and summarization of university ranking system to.pptxAss.Prof. Dr. Mogeeb Mosleh
 

Kürzlich hochgeladen (15)

GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607
GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607
GENUINE Babe,Call Girls IN Baderpur Delhi | +91-8377087607
 
Beyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable developmentBeyond the Codes_Repositioning towards sustainable development
Beyond the Codes_Repositioning towards sustainable development
 
BDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 99 Noida Escorts >༒8448380779 Escort Service
 
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTECAbortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
Abortion pills in Jeddah |• +966572737505 ] GET CYTOTEC
 
Agile Coaching Change Management Framework.pptx
Agile Coaching Change Management Framework.pptxAgile Coaching Change Management Framework.pptx
Agile Coaching Change Management Framework.pptx
 
Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...
Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...
Call now : 9892124323 Nalasopara Beautiful Call Girls Vasai virar Best Call G...
 
International Ocean Transportation p.pdf
International Ocean Transportation p.pdfInternational Ocean Transportation p.pdf
International Ocean Transportation p.pdf
 
Day 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC BootcampDay 0- Bootcamp Roadmap for PLC Bootcamp
Day 0- Bootcamp Roadmap for PLC Bootcamp
 
internal analysis on strategic management
internal analysis on strategic managementinternal analysis on strategic management
internal analysis on strategic management
 
Call Now Pooja Mehta : 7738631006 Door Step Call Girls Rate 100% Satisfactio...
Call Now Pooja Mehta : 7738631006 Door Step Call Girls Rate 100% Satisfactio...Call Now Pooja Mehta : 7738631006 Door Step Call Girls Rate 100% Satisfactio...
Call Now Pooja Mehta : 7738631006 Door Step Call Girls Rate 100% Satisfactio...
 
Strategic Management, Vision Mission, Internal Analsysis
Strategic Management, Vision Mission, Internal AnalsysisStrategic Management, Vision Mission, Internal Analsysis
Strategic Management, Vision Mission, Internal Analsysis
 
Intro_University_Ranking_Introduction.pptx
Intro_University_Ranking_Introduction.pptxIntro_University_Ranking_Introduction.pptx
Intro_University_Ranking_Introduction.pptx
 
Safety T fire missions army field Artillery
Safety T fire missions army field ArtillerySafety T fire missions army field Artillery
Safety T fire missions army field Artillery
 
Dealing with Poor Performance - get the full picture from 3C Performance Mana...
Dealing with Poor Performance - get the full picture from 3C Performance Mana...Dealing with Poor Performance - get the full picture from 3C Performance Mana...
Dealing with Poor Performance - get the full picture from 3C Performance Mana...
 
Reviewing and summarization of university ranking system to.pptx
Reviewing and summarization of university ranking system to.pptxReviewing and summarization of university ranking system to.pptx
Reviewing and summarization of university ranking system to.pptx
 

Cyber security: five leadership issues worthy of Board and executive attention

  • 1. 1 Cyber Security: Five Leadership Issues Worthy of Board and Executive Attention
  • 2. 2 Introduction How effectively does your board discuss emerging risks like cyber security? How plugged-in is your CISO? How effective is your chief information security officer (CISO) at clarifying the nature and urgency of cyber security risk with your board and executive team? Does your CISO maintain a siloed technology view or a broader business/risk view? Do you have the right leadership and talent in place to protect your business? 1 2 3 4 5
  • 3. 3 Board Readiness BOARD KNOWLEDGE OF EMERGING RISKS2 Despite changes in how boards view risk allocation—and additional focus on financial risk—most directors lack knowledge of emerging risks like cyber security. Director Understanding of Cyber Security Risks How effectively does your board address emerging risks like cyber security? Successful security strategies require boards to play a fundamental role. While boards have focused on mitigating financial risk by way of audit committees, they must now broaden their focus to include emerging risks like cyber security. As cyber security becomes a greater concern, boards must play a more active role in navigating their firm through an increasingly complex and challenging environment. Some knowledge 70.3%Little knowledge 19.2% High level of knowledge 10.5% VIEW FROM CISOs: IS YOUR BOARD OF DIRECTORS CONCERNED WITH SECURITY?1 Yes No Don’t know 78.73% 9.72% 11.55% KEY POINTS Being proactive by embracing a broader risk management approach and prioritizing key issues like cyber security are no longer options but a necessity. Managing risk is increasingly a board-wide function as focus on emerging threats like cyber security continues to increase. While boards give more of their attention to major risks like cyber security, most directors still lack a deep understanding of cyber security risk. 1. “No Respect: Chief Information Security Officers Misunderstood and Underappreciated by their C-level Peers,” ThreatTrack Security, 2014. 2. “2014-2015 Public Company Governance Survey,” National Association of Corporate Directors.
  • 4. 4 Clarifying Risk and Driving Urgency How effective is your CISO at clarifying the nature and urgency of cyber security risk with your board and executive team? As organizations continue to focus their attention on cyber security risks, CISOs will remain fundamental to developing and implementing the organization’s security strategy and vision. With boards increasingly dependent on CISOs for both information and the execution of security strategy, organizations must have the right security leadership in place and the proper reporting structure to establish key communication channels with the broader leadership team and to protect the enterprise. WHILE CYBER SECURITY IS A GROWING CONCERN, THERE STILL REMAINS A LACK OF COMMUNICATION BETWEEN THE EXECUTIVE TEAM AND THE CISO HAVING THE WRONG COMMUNICATION CHANNELS WITHIN AN ORGANIZATION HAS REAL FINANCIAL CONSEQUENCES5 TO WHOM DOES SECURITY REPORT IN YOUR ORGANIZATION?1 Despite the prominence of cyber security threats, most CISOs continue to report to the CIO. CEO 19.97% CFO 5.96% Audit 3.54% Board of Directors 10.79% CIO 59.74% 14% Organizations in which the CISO reported to the CIO experienced 14% more downtime due to cyber security incidents than those organizations in which the CISO reported directly to the CEO. 46% Financial losses were 46% higher in organizations where the CISO reported to the CIO than when the CISO reported to the CEO. According to PwC’s The Global State of Information Security Survey 2014, having the CISO report to almost any position in senior management other than the CIO (board of directors, CFO, etc.) reduced financial losses from cyber incidents. 49% of respondents in The Global State of Information Security Survey 2015 by PricewaterhouseCoopers said their organization had a cross- organizational team that regularly convenes to discuss, coordinate, and communicate information security issues.4 KEY POINTS Despite cyber security’s growing prominence, there remains a lack of communication between security leaders and senior leadership. Many firms still don’t have a proper reporting structure in place to establish better communication channels. Evidence suggests that having the CISO report to the CIO increases the likelihood and severity of security incidents. 1. State of Cybersecurity: Implications for 2015, ISACA and RSA Conference Study. 2. Ibid. 3. US Cybersecurity: Progress Stalled – Key Findings from the 2015 US State of Cybercrime Survey, PwC, 2015. 4. The Global State of Information Security Survey 2015, PwC. 5. Ibid. 26% of respondents in a PricewaterhouseCoopers survey of over 500 executives and public officials said their CISO makes a security presentation to the board only once a year, while 30% of respondents said their senior security executive makes quarterly security presentations. 28% of respondents said their security leaders make no presentation at all.3
  • 5. 5 IT Expert or Business Leader? Does your CISO maintain a siloed technology view or a broader business/risk view? CISOs must operate strategically, ensuring clearly visible alignment between business strategy and cyber security strategy. Top CISOs have an influential and compelling voice at board meetings and in executive committee discussions. And CISOs articulate cyber security strategy not as a simple cost of doing business but, instead, as a crucial enabler of business outcomes. WHAT IS THE BIGGEST SKILL GAP YOU SEE IN TODAY’S SECURITY PROFESSIONALS?1 MANY CISOs STILL LACK THE CLOUT WITHIN THEIR ORGANIZATION TO UNDERSTAND THE BUSINESSES THEY PROTECT, THOUGH THIS UNDERSTANDING IS BECOMING INCREASINGLY IMPORTANT TO THEIR ROLE. 4 The growing complexity of organizations requires CISOs to both protect the enterprise and support broader business objectives. Managing this balance is increasingly important, not just to the near-term health of the business but to the long-term clout of the CISO role, a role that many organizations have elevated and have included in broader strategic decision making. Technical skills Ability to understand the business Communication 46% 42% 72% There is a prevailing sense that individuals in the CISO role are specialists with a narrow skill set. While half of executives believed CISOs provide valuable guidance to leadership, nearly one-fifth view the role as primarily an advisor to the CIO on cyber security strategy. 62% of CISOs developed their security strategy in conjunction with other strategies (primarily IT, risk and operations).3 61% of executives did not believe their CISO would succeed in a non-information security leadership position within their organization. 68% of executives did not agree that CISOs possessed broad awareness of organizational objectives and business needs outside of information security. 74% of executives did not believe CISOs should be part of organizational leadership teams. 28% of executives said a decision by their CISO has hurt their business’ bottom line.2 1. State of Cybersecurity: Implications for 2015, ISACA and RSA Conference Study 2. “No Respect: Chief Information. Security Officers Misunderstood and Underappreciated by their C-level Peers,” ThreatTrack Security, 2014. 3. Fortifying for the Future of Security, IBM 2014 CISO Assessment. 4. “No Respect: Chief Information Security Officers Misunderstood and Underappreciated by their C-level Peers,” ThreatTrack Security, 2014. KEY POINTS The CISO role demands a strong understanding of the business, not just technical ability. There still remains a large number of security leaders who do not build their security strategy around the business. Many executives do not understand the CISO’s new, expanding role, which makes it challenging for CISOs to exert influence across the company and align cyber strategy with business strategy.
  • 6. 6 Having a Strong Relationship Network How plugged-in is your CISO? Information sharing has never been more essential. CISOs need a strong external network to better understand the extent of their vulnerabilities, to adopt best practices and to attract security talent. Being externally focused and proactive rather than internally focused is essential. SHARING THREAT INFORMATION1 CISOs face an increasingly complex security ecosystem. Communication among members of the ecosystem is extremely important, but organizations still are underperforming in this area. EXTERNAL COLLABORATION IS MORE IMPORTANT FOR MAINTAINING INDUSTRY BEST PRACTICES AND COUNTERING THREATS FROM THE SAME SOURCE3 1. Fortifying for the Future of Security, IBM 2014 CISO Assessment. 2. Ibid. 3. ibid. of security vendors share information 57% of industry peers share information 51% of government organizations/agencies share information 43% of suppliers share information 22% Security ecosystem Suppliers Government organizations/ agencies Industry peers Security vendors “External collaboration gives security leaders a chance to observe industry practices and evolve with their peers to better understand where the “good stuff” is happening... The reality of today’s expansive threat landscape is that we can’t fully protect everything. Other firms face the same challenge so hearing the perspectives of my peers helps to improve our strategies around our most sensitive information.”2 John Taylor, former Global Head of IT Security, British American Tobacco 62% vs. 42% of security leaders believed industry-related security groups will become more necessary in the next three to five years. 86% While 62% of security leaders strongly agreed that the risk level to their organization was increasing due to the number of interactions and connections with customers, suppliers and partners, only 42% of organizations were a member of a formal industry-related security forum/group. KEY POINTS Protecting not just the firm but the ecosystem is becoming increasingly essential for organizations. In order to protect the ecosystem, CISOs must be externally focused and proactively build a strong network of contacts among customers, suppliers, security vendors, and government agencies. Regular communication among the firm’s existing stakeholders in the ecosystem is and will continue to be an important part of a sound security strategy.
  • 7. 7 Talent Is the Best Defense Do you have the right leadership and talent in place to protect your business? The increasing complexity of cyber security threats requires new types of security leaders who can go beyond their traditionally narrow technical domains and understand how to protect the business in a holistic way. Cyber security leaders who can effectively do these things are scarce. With a high demand for talent and a low supply, knowing where to look for talent will become increasingly critical. KEY POINTS As cyber security persists as a primary concern, the focus will shift heavily on talented leaders with both technical aptitude and business acumen. With a limited supply of talent, organizations must know where to find top talent in markets and sectors with which they may not be familiar, including the public sector. Developing bench strength below the CISO will become increasingly important as organizational challenges become more complex. THE CYBER TALENT GAP WILL PERSIST1 A study by the Ponemon Institute for Raytheon in 2015 showed that the verdict across regions was the same: Organizations need more knowledgeable and experienced cyber security practitioners. My Organization Needs More Knowledgeable and Experienced Cyber Security Practitioners FACTORS THAT WILL HINDER IMPROVEMENT OVER THE NEXT THREE YEARS2 WHERE DOES CYBER SECURITY TALENT COME FROM? CYBER SECURITY ARCHETYPES3 : 1. 2015 Global Megatrends in Cybersecurity, Ponemon Institute for Raytheon, February 2015. 2. Ibid. 3. Russell Reynolds Associates proprietary study. U.S. UK/Europe Middle East/ North Africa 67% 66% 65% Inability to hire and retain expert staff Lack of actionable intelligence Inability to minimize employee risk Lack of funding Lack of suitable technologies Increase in complexity Lack of C-level support Lack of cyber security leadership Increase in compliance burden 45% 44% 43% 34% 33% 31% 29% 22% 19% Organizations trying to prepare for the future face a number of challenges, including finding top talent. According to a major survey by the Ponemon Institute for Raytheon, the primary factor hindering improvement in cyber defense is the inability to hire and retain staff (45%), followed by a lack of actionable intelligence (44%) and the inability to curb employee-related security risks (43%). Profile 1: Professional Services/Audit Profile 2: General Technologists Profile 3: Military or Law Enforcement Professionals Profile 4: Cyber Security Threat Intelligence Specialists Profile 5: Corporate Development/ Strategy Executives Often holding a technical degree in engineering or computer science, these executives typically begin their career in the cyber security function of a large organization and climb their way to the top. Frequently holding a technical degree in engineering or computer science, these executives normally begin their career in corporate IT (e.g., applications development) and migrate to a specialization in cyber security. Less commonly holding a technical degree, these executives begin their career in the military or law enforcement, gaining technical expertise via experience and rising to a senior cyber security role before migrating to a senior position within the cyber security function of a corporation. Cutting-edge cyber threat intelligence specialists who are extremely technical, often coming out of organizations like the National Security Agency or the broader intelligence community. An emerging class of business leaders who are trained in cyber security and are positioned for broader risk management roles.
  • 8. 8 GLOBAL OFFICES Americas Atlanta Boston Buenos Aires Calgary Chicago Dallas Houston Los Angeles Mexico City Minneapolis/St. Paul Montréal New York Palo Alto San Francisco São Paulo Stamford Toronto Washington, D.C. EMEA Amsterdam Barcelona Brussels Copenhagen Dubai Frankfurt Hamburg Helsinki Istanbul London Madrid Milan Munich Oslo Paris Stockholm Warsaw Zurich Asia/Pacific Beijing Hong Kong Melbourne Mumbai New Delhi Seoul Shanghai Singapore Sydney Tokyo Russell Reynolds Associates is a global leader in assessment, recruitment and succession planning for boards of directors, chief executive officers and key roles within the C-suite. With more than 370 consultants in 46 offices around the world, we work closely with both public and private organizations across all industries and regions. We help our clients build boards and executive teams that can meet the challenges and opportunities presented by the digital, economic, environmental and political trends that are reshaping the global business environment. www.russellreynolds.com. Follow us on Twitter: @RRAonLeadership.
  • 9. 9 © Copyright 2015, Russell Reynolds Associates. All rights reserved. Americas Atlanta 1180 Peachtree St., NE Suite 2250 Atlanta, GA 30309-3521 United States of America Tel: +1-404-577-3000 Boston One Federal Street, 26th Fl. Boston, MA 02110-1007 United States of America Tel: +1-617-523-1111 Buenos Aires Manuela Sáenz 323 7th Floor, Suites 14 & 15 C1107BPA, Buenos Aires Argentina Tel: +54-11-4118-8900 Calgary Suite 750, Ernst & Young Tower 440-2nd Avenue SW Calgary, Alberta T2P 5E9 Canada Tel: +1-403-776-4175 Chicago 155 North Wacker Drive Suite 4100 Chicago, IL 60606-1732 United States of America Tel: +1-312-993-9696 Dallas 200 Crescent Court, Suite 1000 Dallas, TX 75201-1834 United States of America Tel: +1-214-220-2033 Houston 600 Travis Street, Suite 2200 Houston, TX 77002-2910 United States of America Tel: +1-713-754-5995 Los Angeles 11100 Santa Monica Blvd. Suite 350 Los Angeles, CA 90025-3384 United States of America Tel: +1-310-775-8940 Mexico City Torre Reforma 115 Paseo de la Reforma 115-1502 Lomas de Chapultepec 11000 México, D.F. México Tel: +52-55-5249-5130 Minneapolis/St. Paul IDS Center 80 South 8th St, Suite 1425 Minneapolis, MN 55402-2100 United States of America Tel: +1-612-332-6966 Montréal 2000, avenue McGill College 6e étage Montréal (Québec) H3A 3H3 Canada Tel: +1-514-416-3300 New York 200 Park Avenue Suite 2300 New York, NY 10166-0002 United States of America Tel: +1-212-351-2000 Palo Alto 260 Homer Avenue, Suite 202 Palo Alto, CA 94301-2777 United States of America Tel: +1-650-233-2400 San Francisco 101 California Street Suite 2900 San Francisco, CA 94111-5829 United States of America Tel: +1-415-352-3300 São Paulo Edifício Eldorado Business Tower Av. Nações Unidas, 8.501 11º 05425-070 São Paulo Brazil Tel: +55-11-3566-2400 Stamford 301 Tresser Boulevard Suite 1210 Stamford, CT 06901-3250 United States of America Tel: +1-203-905-3341 Toronto 40 King Street West Scotia Plaza, Suite 3410 Toronto, ON M5H 3Y2 Canada Tel: +1-416-364-3355 Washington, D.C. 1700 New York Avenue, NW Suite 400 Washington, D.C. 20006-5208 United States of America Tel: +1-202-654-7800 Asia/Pacific Beijing Unit 3422 China World Offfice 1 No. 1 Jian Guo Men Wai Avenue Beijing 100004 China Tel: +86-10-6535-1188 Hong Kong Room 1801, Alexandra House 18 Chater Road Central Hong Kong, China Tel: +852-2523-9123 Melbourne Level 51, Rialto Towers 525 Collins Street Melbourne, VIC 3000 Australia Tel: +61-3-9603-1300 Mumbai 63, 3 North Avenue, Maker Maxity Bandra Kurla Complex Bandra (East), Mumbai 400 051 India Tel: +91-22-6733-2222 New Delhi One Horizon Center, 14th floor Golf Course Road, Sector 43 DLF Phase-V, Gurgaon 122 002, Haryana India Tel: +91-11-4603-4600 Seoul 16F West Tower Mirae Asset Centre 1 Building 26 Eulji-ro 5-gil, Jung-gu Seoul 100-210 Korea Tel: +82-2-6030-3200 Shanghai Room 4504, Jin Mao Tower 88 Century Avenue Shanghai 200121 China Tel: +86-21-6163-0888 Singapore 12 Marina View #18-01 Asia Square Tower 2 Singapore 018961 Tel: +65-6225-1811 Sydney Level 25 1 Bligh Street Sydney NSW 2000 Australia Tel: +61-2-9258-3100 Tokyo Akasaka Biz Tower 37F 5-3-1 Akasaka Minato-ku, Tokyo 107-6337 Japan Tel: +81-3-5114-3700 EMEA Amsterdam World Trade Center, Tower H, 18th Floor Zuidplein 148 1077 XV Amsterdam The Netherlands Tel: +31-20-305-7630 Barcelona Avda. Diagonal, 613 2˚A 08028 Barcelona Spain Tel: +34-93-494-9400 Brussels Boulevard Saint-Michel 27 B-1040 Brussels Belgium Tel: +32-2-743-12-20 Copenhagen Kongens Nytorv 3 1050 Copenhagen K Denmark Tel: +45-33-69-23-20 Dubai Burj Daman Offices Tower Office C610, 6th floor DIFC, PO Box 507008 Dubai United Arab Emirates Tel: +971 50 6574346 Frankfurt OpernTurm, 60306 Frankfurt am Main Germany Tel: +49-69-75-60-90-0 Hamburg Stadthausbrücke 1-3/Fleethof 20355 Hamburg Germany Tel: +49-40-48-06-61-0 Helsinki Unioninkatu 22 00130 Helsinki Finland Tel: +358-9-6226-7000 Istanbul Cumhuriyet Cad. No 48 Kat: 4/B Pegasus Evi Elmadağ 34367 Şişli Istanbul / Türkiye Tel: +90-212-705-3550 London Almack House 28 King Street London SW1Y 6QW United Kingdom Tel: +44-20-7839-7788 Madrid Miguel Angel, 11, 7° 28010 Madrid Spain Tel: +34-91-319-7100 Milan Corso Giacomo Matteotti, 3 20121 Milan Italy Tel: +39-02-430-015-1 Munich Maximilianstraße 12-14 80539 München Germany Tel: +49-89-24-89-81-3 Oslo Haakon VIIs Gata 1 NO-0161 Oslo Norway Tel: +47-2203-8010 Paris 20 rue de la Paix 75002 Paris France Tel: +33-1-49-26-13-00 Stockholm Hamngatan 27 SE-111 47 Stockholm Sweden Tel: +46-8-545-074-40 Warsaw Belvedere Plaza ul. Belwederska 23 00-761 Warsaw Poland Tel: +48-22-851-68-38 Zürich Stampfenbachstrasse 5 8001 Zurich Switzerland Tel: +41-44-447-30-30