CISO

What’s Really at Risk With Reputation Risk

When boards express anxiety about cybersecurity risk, one of the foremost fears they face is reputation risk. Why is that? Because cybersecurity failures do cause reputation damage, and reputation risk is scary. A security failure can immediately bring unwelcome headlines, hits to the share price and probing questions from business partners. Security failures can also…

Defining Business-Driven Security™ for the Modern Enterprise

As I travel around the world and meet with CISOs and security teams, I continue to be amazed at the organizational disconnects around managing cyber risk. Security Operations and Identity & Access Management teams operate their own business processes with very few connection points. Security and Risk & Compliance teams have different world views of…

The Gap of Grief

How bad is it? When a security incident occurs, how confident are you that you can explain the impact to the rest of the organization in language that they understand? Despite all the money we have invested in security, it’s still too difficult to put security details in business context fast enough. When you can’t,…

The CISO White Elephant Party

The holiday season is the storm before the calm. Available time is occupied with getting ready for end-of-quarter / end-of-year, squeezing in meetings before folks depart, shopping, and of course attending white elephant gift exchange parties. These parties are notorious for exchanging absurd gifts that are burdensome, possibly expensive, and serve little purpose. If you’re…

The CISO as Investment Advisor

When it comes to job descriptions, there seems to be no limit to what can be placed in the realm of the Chief Information Security Officer (CISO) role. The role is many times a collection of various responsibilities guided by the loosely defined “protect information assets” charter. Of course there are elements of core security – access…