THE CISO STORY
CISOs have slowly become an integral part of our digital landscape. The consequent impact on enterprises, however, does not seem to be visible. Enterprises seem to be as vulnerable as ever, and their climb down on the vulnerability index is yet to start. The surface area and the threat vectors have increased considerably, and matching the organisation's capability to the threat requirements, with the CISO as the main facilitator and enabler, has to happen now. CISOs and businesses should be in control of the cyber security scenario in the very same manner as they are of the business imperatives.
We are familiar with the CIA triad of Confidentiality, Availability and Integrity; the recent addition of Resilience as the underpinning of the enterprise has many connotations. How well the CISO has been able to understand the concept of Resilience, and what part of it he can turn into a real, tangible deliverable, is the moot question. Which skeletal services swing into action, and how effectively, while necessarily maintaining the CIA triad? When and how all the services can get back into operation has to be cracked.
CISO responses at a large number of conferences do not make one believe that we have made any great headway. The job description of all CISOs remains the same, whereas the responses are different. Maybe a large part depends on the level and quantum of training imparted to them and the level of hands-on expertise they have picked up to handle their job. More and more outsourcing is not the answer, when in reality only one last-end professional does the job.
Does the enterprise, in all its operations and across all its human resources, imbibe the cyber security ethos and its operations? Or is it just another compliance issue? The compliance-issue approach has brought us to this situation, and only giving up this mindset can sort out matters. It is an area that needs immense focus and an unflinching, never-say-die approach.
REDEFINING THE CISO'S ROLE & ITS ENTERPRISE-LEVEL ENABLEMENT CAN IMPROVE OUR RESPONSE.