Knowing the CISO dos and don’ts matters not only to the CISO but to everyone around the company.
According to some, the CISO’s role is defined not only as a leader but also as a reasonable humanitarian and an effective co-worker.
The CISO has to keep many balls in the air while being buffeted by an increasingly complex and constantly shifting threat landscape. We should not underestimate the importance of a good CISO.
On the other hand, there is no fixed recipe for a perfect CISO who meets every need to an impossible standard. However, we compiled some practical dos and don’ts that every CISO should know.
We scoured the Internet and came up with these key points to help you be more productive in the role.
CISO Dos and Don’ts
- Take care of your team. Team-building activities, research, and industry-wide gatherings should be used and encouraged. Listen to your team and engage with them.
- Mentoring. It is key to forming the next generation of information security professionals.
- Open-source collaboration. It helps drive the next generation of products and helps shape the industry.
- Collaboration. The closer the collaboration with similar industry partners, the more reliable the information is.
- Communication and presentation skills. Make decisions based on data, not on emotions or personal reasons. A CISO should always be prepared with information about costs and the latest statistics.
- Understand the business and its finances. You can do this by reviewing the latest figures in your own records and your staff’s records. Understanding the business always comes first.
- Strategic planning. Once you know the company’s current situation, you have to provide a strategy to maintain the systems’ productivity and security, or to create new countermeasures when threats materialize. Facts must back up all of this.
- Be willing to ask for help. Know your swim lane, and ask for help when you are outside it. It may be hard for some in higher positions to humble themselves and ask for help, but that is what one must do in order to succeed. It is a basic principle of success and of working as a team.
- Ensure that the company is secure enough, and be accountable if something goes wrong.
- Don’t act as if you can’t fail. The important thing is to fail fast and to recover even faster.
- A CISO should find a way not to get frustrated when the board of directors keeps saying “No”.
- Don’t focus on incident response yourself. Have the person responsible for it report to you.
- You don’t need to know more than the basics of legal/compliance.
- You’re not a penetration tester.
- You don’t need to know more than the basics of program management.
Also, the CISO and the security team need to understand that the organization exists to deliver products and services as fast as possible, and they must find a way to make that work easier while keeping the business safe.