The Human Factor

The first thing I would do as a CISO is figure out and understand what the overall goals and priorities of the organization are. I would do this by interviewing my employees, as well as the midlevel leaders and customers, to get a sense of the collective mindset, purposes, and priorities of the people that make up the organization. Next, I would identify the “crown jewels” of the organization, which are the top priorities and goals, as well as what information and digital assets we need to protect and to what extent (Turgal). I would then compose a risk management plan, identifying and writing down every asset and resource, ranking them from most important to least when it comes to security, and recording which members of the business would be responsible for maintaining the security, who could be held accountable if such assets or information were to get compromised or breached, and ultimately, how much everything would cost.

I would sit down first with the financial teams and midlevel and executive management, and lastly with the team of employees that I would have assigned the tasks of management to, and make sure that they all understand what the goals and priorities of the company are, as well as what their roles and duties would be. I would make sure that the financial plan that we come up with collectively is understood and carried out, making sure that we spend the most money on the high priorities of the company and deciding how much funding we would allocate to the other areas of the organization. Throughout the year, I would ensure that everybody remains on the same page when it comes to security by holding quarterly meetings, ensuring that the company is checking all the marks and that there is constant, thorough communication between the executive leaders, the board, and the security leaders (Turgal). Overall, although a budget is limiting, and it would be impossible to spend the amount that we would like to, it’s important to manage the money and funds the right way, focus on priorities as well as risk management, and make sure that every staff member involved with the success of the company is on board and on the same page with the goals of the business.







https://www.darkreading.com/careers-and-people/6-things-every-ciso-should-do-the-first-90-days-on-the-job
