Much has been said about the importance of a chief information security officer (CISO), but it is vital for these professionals to maintain C-level friendships as information security becomes an increasingly important aspect of business survivability.
Successful CISOs should have many types of friends with whom they can pleasurably discuss daily business life, IT goals, strategies, visions and missions. These will likely all revolve around the cloud, big data and analytics, mobile, social media and security. Together, these professionals prepare for different risky situations and justify business adventures that none of their competitors even dare participate in.
With time, the number of potential friends a CISO can have is increasing, especially in fields that expect strong collaboration, such as business growth, innovation, investment, government and regulatory changes and value proposition. These friends can enhance and add value to the CISO’s solutions. Unfortunately, sometimes there is a lack of clear understanding of how each C-level friend helps the CISO.
Executives
The CISO and chief executive officer (CEO) are best friends who never speak about security. CISOs always collaborate with others, converting security threats into overall business risk and focusing on the most vital assets. More often, these are “invisible” assets, such as advantage in the marketplace, goodwill, copyrights, trademarks and patents. Friendships are important to CEOs because of the tremendous influence they hold over survivability. Both CEOs and CISOs are business leaders and see security as a business imperative, rather than a technology imperative.
Technology and Information
The chief technology officer and chief information officer are the CISO’s close friends — or, rather, classmates or group members. They get along with and understand each other with a glance. This trio is excellent at avoiding breaches and data loss by investing in and implementing cutting-edge technologies to meet business goals.
Finance, Legislation and Human Resources
The chief financial officer, chief legal officer and chief human resources officer are excellent complements to the CISO. They possess an extraordinary knowledge base that helps them improve security practices (through financial transactions, compliance and culture), obviate losses due to a breach or incident and translate metrics into business results. They are highly esteemed by CISOs.
Operation and Risk
Almost daily, CISOs work with chief operating officers, chief risk officers and managed security services providers to bring more value to the business by enhancing its security program and risk processes, minimizing operational downtime and integrating security metrics with business risk measurements.
Taking Advantage
It is the CISO’s responsibility to establish relationships with all these employees since their support, knowledge and experience can be critical for success. They all look at challenges in different ways. A good friend of a CISO will do the following:
- Listen, ask, understand, do and say;
- Value and promote business vision, strategy and goals;
- Proactively align with business initiatives;
- Be honest and clear, and avoid security-related terminology;
- Avoid abusing time, which costs money;
- Keep in touch with friends to boost morale.
Building Friendships Is a Business Survivability Strategy for a CISO
With these friends, businesses should be ready to take risks and not be afraid to take brave, bold steps. Often, risk can be a good thing. Making well-advised yet risky decisions is what helps businesses grow. The resulting friendships are the stimulus for improving and moving forward, making the business survivable.
Director, ISACA Kyiv Chapter