4. Reporting Lines
Consider the lines of reporting in your organization carefully. According to Jeff Spivey, international vice president of the Information Systems Audit and Control Association (ISACA), “the CISO should not report to the chief information officer.” It’s essential for the Chief Information Security Officer and team to have independence in the decisions they make, rather than having to run everything past the CIO.
Speed is critical when facing rapidly changing cyber security threats. Your organization’s IT security team must be able to make decisions quickly to protect the business. Empower your IT security experts to make decisions independently, so they can operate like a team that expects a strategic crisis, given the huge range of threats that exist in 2016.
5. Cost Reduction and Controls
Cost reduction and controls go hand-in-hand in the cyber security industry. CIOs and CISOs alike must focus on the potential costs of a data breach in order to effectively protect your organization’s bottom line. Conduct a risk assessment on a regular basis to identify where your data and systems are vulnerable, so you can better associate those weaknesses with the potential costs a breach could cause your company. Don't forget to address the likelihood of a malicious attempt against those systems as well. You can then better allocate resources and invest strategically to mitigate the impact on your organization.
In addition to cost reduction practices, executives in C-level information security positions should consider using third-party vendor management and compliance services. These services can often offer more cost-effective and comprehensive solutions than most organizations can achieve in-house, largely due to the specific focused experience, allocated time, and broader perspective required to tackle this continued hot topic.
CIOs and CISOs face many cyber security challenges in 2016. With budgets stagnant or even shrinking in many organizations, IT professionals need to find cost-effective ways of protecting against a rapidly evolving range of threats. Encourage agility, flexibility and innovation in your organization to stay safe in 2016.