CISO Tips for Implementing an Enterprise Information Security Strategy

As cyber threats continue to multiply and evolve, Chief Information Security Officers face numerous challenges in maintaining information security for their organization, often on a limited budget. Understanding top risks helps a CISO prioritize and implement an effective enterprise information security strategy.

Top CISO Priorities for 2020

Today, those in charge of cyber security can no longer justify a singular focus on protecting just the company’s own servers and data. Increasingly, they need to come up with strategies to increase product security. As more and more products come with some form of networking capability, prospective customers tend to have concerns about security.

To date, several states have enacted legislation imposing due-diligence obligations to ensure proper security by third-party vendors who store or have access to a company's customers' non-public information. Information chiefs must develop processes to ensure legal compliance.

As an increasing number of networked devices appear on corporate premises, information security also demands attention to the vulnerabilities they present. While proprietary systems tend to be well-protected, Chief Information Security Officers are becoming increasingly aware of the possibility of attack through any device that connects to a company network.

Another hallmark of how information works today is its increasing decentralization. Blockchain systems and cloud storage are two examples of ways information passes through outside channels. These types of systems need specific defense strategies to address the particular vulnerabilities they present.

Worries That Keep CISOs Up at Night

While the risk of cyber threats continues to grow, the number of qualified security professionals does not. Currently, the supply of security workers in the United States is ranked very low, with almost half as many job openings as there are people currently employed in the field. Chief Information Security Officers see an expanding need for trained people to fill the high number of necessary, specialized positions. Unfortunately, the demand for these roles currently exceeds the number of available workers to fill them.

One form of cyber-attack currently on the rise is the deliberate causing of internet outages. A connectivity shutdown can lead to a high level of financial loss. Depending on the types of organizations targeted, loss of internet connection can even lead to loss of life. To address this possibility, CISOs are developing processes and systems to maintain communications during a connectivity failure, as well as systems to monitor for and preempt potential threats in this area.

Getting the Board on Your Side

To implement an effective cybersecurity strategy, you need buy-in from your organization’s board members. They will want to understand the specific reasons for each item on your agenda, including an explanation of how that item defends against a particular type of threat. Further, today’s boards and executives generally do not see cyber defense as an area separate from the company’s main goals.

Board members want to see that your defense strategy aligns with and supports the organization's mission. A Chief Information Security Officer should demonstrate an understanding of, and commitment to, organizational goals. To gain access to resources, you need to implement an effective defense and give your board the big picture of how your strategy brings value to the organization as a whole.

Hancock & Poole Security provides a wide range of services to support your information security planning, including help with regulatory compliance. Please contact us or call (866) 443-7841 to learn more about how we can help you protect your company.