
The Evolution of the CISO

The Increasingly Vital Role of the CISO - In the midst of facilitating organization-wide digital transformation, the CISO also must undergo his or her own professional transformation.

As a newer addition to the C-suite, the Chief Information Security Officer (CISO) is a role not found in every company. Increasingly, though, it is becoming apparent that the role is essential to the modern enterprise.

While the Chief Security Officer (CSO) often is in charge of physical security, the CISO is differentiated by a range of responsibilities, including:

  • Security operations

  • Cyber risk and intelligence

  • Data loss and fraud prevention

  • Security architecture and performance

  • Identity and access management

  • Third-party and vendor risk management

  • Board reporting

  • Investigations and forensics

  • Governance

The role of the CISO is not without its challenges, both functionally and professionally. In addition to daily responsibilities and pressures, a CISO must demonstrate the communication skills, business savvy, and leadership required of a C-suite executive. In the midst of facilitating organization-wide digital transformation, the CISO also must undergo his or her own professional transformation to keep up with a world in serious need of cybersecurity leaders.


What Keeps the CISO Up At Night?

The CISO faces a number of functional challenges daily, especially in today’s security climate.

As part of his or her core responsibilities, the CISO juggles both technical and managerial duties, including:

Strategic Alignment: The CISO must work to integrate his or her strategy with the mission of the organization so that its goals and appetite for risk are assessed properly.

Changing Regulations: Regulations change frequently as lawmakers pass legislation and new threats emerge. In the wake of GDPR, more governments at all levels are following suit, which means company standards for information security compliance will continue to become more complex.

Cloud Security: As components of the IT stack are moved from the data center to the cloud, the CISO is charged with improving security, identity, and access management across the public and private environments. At the same time, the security of on-premises legacy systems must be maintained.

Team Development: Researchers in the utilities industry estimate that there are fewer than 500 people in the U.S. with the necessary cybersecurity training and expertise to help utilities comply with regulations. In fact, the shortage of skilled personnel is growing. Plus, only 15 percent of cybersecurity professionals plan to stay in their current roles. With the average time-in-role for security personnel at just two to three years, a CISO must be an engaging, receptive leader who responds to employees’ needs and encourages their career growth and development in order to drive down attrition.

Emerging Technology: Security leaders also must keep up with current technology trends, not only to stay vigilant and innovative, but also to take advantage of emerging tools. AI, machine learning, automation, IoT, and 5G capabilities can help the organization achieve true digital transformation. Newer cloud-based security offerings enable security teams to detect threats across multiple parties and prioritize the most pressing issues.

Data Management: With data protection at the top of the priority list, the CISO regularly seeks out stronger data governance practices. At the same time, the CISO regularly must assess and clean data not only to keep it manageable and prevent slowing down the business, but also to reduce the amount of data to protect.

Incident Response and Remediation: Perhaps most challenging of all, the CISO must face the new reality: data breaches can and will happen. Broadening the focus on prevention to include strategic planning enables the CISO to address potential risk introduced by digital transformation and the increasing reliance on third-party providers. In addition, the use of technology to automate and scale security monitoring and other functions minimizes the impact of these efforts on the business.
