<p><strong>100% security — mission impossible?</strong></p>
<p>Published 2023-08-10 at https://10guards.com/it/blog/2023/08/10/100-security-mission-impossible/</p>
<p>At some point CIOs and CISOs inevitably have to provide a clear, well-founded answer to a sensitive question from the Board of Directors: are we 100% secure?</p>
<p>So, how does a security-conscious leader answer such an essential question in a practical, business-focused manner? Here are some of the Do’s and Don’ts of answering this crucial question:</p>
<p><strong>Do’s:</strong></p>
<ul>
<li>Instead of saying “We are 100% secure,” socialize and educate the C-suite on the term cybersecurity risk management. Indicate that the threat landscape continuously evolves, and that cyber risk management is therefore a journey, not a destination. Focus on the risk they are ready to accept, given the limitations imposed by company size and the associated budget and resources.</li>
<li>For presentations, have no more than five slides when presenting to the board/leadership team. Talk in terms of risks to the business in the event of a potential security breach. Identify the important/critical business systems and communicate their impact on business operations, given the current and future threat landscape.</li>
<li>Explain how saying “we are 100% secure” does not measure cyber risk effectively, and how cyber maturity and risk management are the KPIs of the organization’s cybersecurity and risk programs. As a security leader, it is imperative to explain that from the start.</li>
<li>Use security and compliance certifications. External validation and accreditation are critically important to organizations that secure their data and comply with regulatory requirements. Indicate that these are absolute must-haves. Again, communicate in terms of cyber maturity, the risk management of critical business assets and the potential impact on the business.</li>
<li>Explain why organizations need to invest in tools/technologies that integrate cyber maturity and security risk management metrics into the context of overall business risk. The board and CEO are well-versed in business risk and will understand this approach.</li>
</ul>
<p><strong>Don’ts:</strong></p>
<ul>
<li>Never say: “We are 100% secure.”</li>
<li>Showcase only a few critical metrics in a presentation to the board and CEO. Don’t mislead them by offering too many metrics.</li>
<li>Don’t use industry security and compliance certifications as proof of the organization’s 100% security, even if they serve to bolster the team’s confidence. Consider the certifications the baseline of the program.</li>
<li>Don’t use the plethora of tools/technologies, with a dollar value attached, to justify the “100% secure” narrative. Big budgets do not necessarily equate to being fully secure.</li>
</ul>
<p>Security teams should also be prepared to answer the same types of questions from business partners and customers. With that in mind, here are some important takeaways:</p>
<ul>
<li>Stay proactive with the CEO and board. Educate them on how the company wants to measure cyber risk management performance. Do this from the first meeting and at every subsequent meeting.</li>
<li>Take the same proactive approach with customers and business partners. It is important to make many of these same points with customers, partners, prospects, as well as internal</li>
<li>Stress security awareness training programs. Educate the organization on what makes sense in cyber risk management and what doesn’t. Cultivate a cyber-aware culture from executive management down, across the rank-and-file of your entire company.</li>
<li>Leverage industry-accepted tools and technologies.</li>
</ul>
<p>Security leaders should not only show “shiny” slides but also effectively articulate and communicate to all relevant stakeholders how the cyber risk management program performs. And by all means, try to acquire the necessary budget and resources to run an effective program and get as close to the utopian “100% security” as possible.</p>
<p>Source: scmagazine.com</p>