[1]CISOs Find Collaboration Improves Resiliency:
The [2]Advanced Cyber Security Center (ACSC) has published its first
annual report, [3]Leveraging Board Governance for Cybersecurity, the
CISO / CIO Perspective, the results of which highlight the need for
boards to be active governance partners in collaborative cyber defense.
Recognizing the shared value of collaboration across organizational
functions and between and among organizations when talking about cyber
defense, the ACSC report calls upon boards to adopt a holistic and
dynamic understanding of their organization's cybersecurity
responsibilities. In addition, boards are encouraged to maintain
continuous direct access to CISOs and risk officers as well as with
CIOs and other executives.
"For the most part, boards are not in a position to provide strategic
guidance on cyber risk," said Michael Figueroa, executive director of
the ACSC, in a press release. "In particular, the
ACSC report has identified a need for a risk standard, much like those
frameworks that financial and audit risk functions have refined over
decades, that would help guide decision making and operations as they
relate to cyber risk management."
As part of the study, 20 ACSC member CISOs and CIOs from a wide range
of organizations across multiple sectors worked in conjunction with
four outside experts. Collectively, the focus group shared perspectives
that revealed common themes and perceptions about board engagement as
it relates to the board-management relationship.
"I can't help but agree with the observations, in that all but the
smallest organizations should have the CISO role defined as the go-to
person for security," said Mukul Kumar, chief information security
officer and VP of cyber practice at [4]Cavirin.
"He or she manages up to others in the C-suite and the board, and ties
together strategy across DevOps, SecOps, risk and compliance. The best
example of a failure to clearly establish roles, responsibilities and
lines of reporting is clearly outlined in the [5]House committee report
on the Equifax breach."
According to the report findings, the board-management relationships
are only in the nascent or maturing stages, which indicates that in
most cases the boards are not effectively guiding management in making
strategic risk-based decisions.
In addition, most boards are bereft of individuals with any real cyber
expertise. The report recommended that they should make efforts to
recruit members who can augment the board's ability to build strategic
partnerships that provide guidance specifically related to cyber risk.
"Boards should prioritize and support senior management's development
of a new generation of outcome-based cyber risk management frameworks,
and in the meantime, executives should use only a few operational
metrics with boards," the report stated.
(Via [6]Infosecurity)
I see articles like this one, reporting on reports like this one, and
only in specific circumstances do we see the kind of collaboration
prescribed.
__________________________________________________________________
My original entry is here: [7]CISOs Find Collaboration Improves
Resiliency. It posted Tue, 15 Jan 2019 21:56:11 +0000.
Filed under: business
References
1. https://www.infosecurity-magazine.com/news/cisos-find-collaboration-improves/
2. https://www.acscenter.org/
3. https://www.acscenter.org/blog/why-the-ciso/ciso-perspective-should-matter-to-corporate-boards/
4. https://www.cavirin.com/
5. https://www.warren.senate.gov/imo/media/doc/2018.09.06 GAO Equifax report.pdf
6. https://www.infosecurity-magazine.com/news/
7. https://www.prjorgensen.com/?p=2529