Skip to main content

Featured

Protecting Employee Data is an Organization’s Legal Obligation or Is It?

In today’s world, countless organizations fall victim to data breaches that involve employee data. In 2014, I was engaged to lead the remediation efforts of a data breach for a Pennsylvania-based client.  Hackers gained access to the company’s employee payroll information containing the salaries, social security numbers and other Personal Identifying Information (PII) through an insecure email system. It was crucial to develop and execute a corporate security strategy along with the tactical tasks of remediating the breach.

During 2013 and in 2014, infamous cyberattacks resulting in significant data breaches occurred against notable companies such as Target Corporation, Home Depot, JP Morgan Chase, along with many others.

The legal repercussions from those events set off an avalanche of employee and customer lawsuits. Many banks subsequently filed suits against the afflicted organizations citing negligence and other allegations. Organizations did not view protecting employee data was…

How The Next-Generation CISO Will Lead Security Strategy


The role of the chief information security officer (CISO) must continually evolve just as businesses do. The next-generation security leader has to grasp the various demands of the board and communicate security risks and strategies in terms directors can understand. To protect the organization’s assets from the ever-changing threat landscape, this leader must possess a strong business acumen, a results-oriented mindset, and various board-level skills.

Speak the Board’s Language

The security leader needs to be business-facing most of the time in relation to a technical role. This is where productivity gets stymied since the CISO oversees technical environments with many tools and technologies implemented.

In a business environment, it is extremely important to convey technical details appropriately to a nontechnical audience. Next-generation CISOs must be able to communicate clearly to all executives and employees within their organizations. They must be visible, approachable and able to articulate security principles simply and concisely. They should also collaborate with contemporaries outside their organizations to gain a richer understanding of the CISO role.


It Takes All Kinds

The CISO role is all about leadership, like any other C-level position. The next-generation CISO must know how to delegate tasks based on skills that come from a variety of sources. You may have employees who are good at managing and leading a team, for example, and others who might excel at working with peers from various departments. Some employees might build leadership skills through their technical savvy as subject matter experts. A successful leader knows how to identify and harness these traits and these individuals to build a strong security program.

Aligning Security With Business Goals

It’s crucial for the CISO to be relevant to the business. This means taking on a more strategic role to pivot board conversations toward risk management. It also includes going beyond the negative consequences and explaining risk in terms of its positive effects, such as competitive advantage, business growth, and revenue expansion.

Relentless passion and a results-oriented drive are essential to delivering upon business goals. CISOs must build strong teams of security professionals who buy into these goals. They must also be adept at problem-solving, managing the concerns and expectations of stakeholders, and formulating effective solutions to complex problems.

Empowering the Next-Generation CISO

Finally, security leaders must possess certain board-level skills. Of course, they must master the vital aspects of managing security technologies and protecting both digital and physical assets. CISOs should focus on establishing strong security policies and communicating risks in plain, relevant terms to executives. They need to drive discussions in board meetings to educate, engage and align stakeholders with respect to their security strategies and initiatives.

The key is to understand that business operations and information assets are crown jewels. That principle should influence CISOs to institute strategic governance that prioritizes information security investments and aligns with business goals.

Comments