The need for CISOs to establish strong trust & rapport

Prashant Haldankar, Chief Information Security Officer at Sekuro

The Chief Information Security Officer’s (CISO) function is frequently viewed as a hybrid of the CIO and CSO, and as the position is developed and redefined, the usefulness of the position is frequently questioned.

According to some, CISOs have the important responsibility of ensuring that a company’s security posture is up to par, but their efficacy depends on the team’s overall support. That is to say, as security is the responsibility of the whole organization, the CISO’s interaction with CEOs and other corporate leaders is just as crucial as how they collaborate with the security or IT team. CIO World Asia spoke with Prashant Haldankar, Chief Information Security Officer at Sekuro, about dissecting the role of the CISO in 2022.

The roles of CIOs and CSOs meet with regard to aligning priorities

CIOs and CSOs are working together more now. The positions provide the chance to think about cutting-edge technology that can improve security and give firms a competitive edge.

The technical IT security rules and overall execution fall more within the purview of CSOs. In order to guarantee that all security measures are up to par and within organizational risk capital, CIOs must ensure that feedback from the CEO is obtained and work with it.

The CSO, however, has a more important duty to perform. Along with security controls, CIO and CSO collaboration is required for a broader cyber security strategy across enterprises, and this collaboration only occurs when the two groups’ interests are aligned.

Therefore, the collaboration of CSOs and CIOs is necessary to ensure that the IT strategy is pushed throughout the organization while also communicating the cyber security requirements.

The important role of CISO in the great era of resignation

The founders and leaders of the company are essential to maintaining its culture. This is because culture is a major motivator of the big resignation and plays a significant part in it.

CISOs make the effort to promote a security culture inside the company while also stressing that security is a business enabler, emphasizing the importance of security as a component of overall strategy and the fact that everyone inside the business has a clear leadership role in security. As leaders, CISOs must convey this message to every employee in the company.

The shift in priorities when it comes to the role of CISOs today

Technical controls are definitely the CISO’s responsibility, depending on the organization. They are also responsible for making sure that they train the company’s executives. When it comes to making risk decisions for an organization, they should be knowledgeable and have a security-first attitude.

Additionally, they must make sure that the essential cybersecurity ROI is effectively conveyed because, often, firms do not treat security as a factor in determining ROI.

It is clear that cybersecurity ROI results are an intangible contribution. Therefore, cybersecurity may assist by defining the function and guaranteeing that the assets a business owns that have the potential to have an influence on the organization are adequately safeguarded.

The board and executives must also get cybersecurity awareness training from CISOs. This is a common practice in America where candidates for board membership must possess a minimum level of cybersecurity awareness.

Therefore, the primary responsibility of CISOs will be to develop a more business-oriented approach for the organization’s cybersecurity needs.

Why is it important for the board to understand cybersecurity?

It is crucial that the board of directors understand cybersecurity as cyberattacks and cybersecurity events proliferate. The board will get education on cybersecurity from a commercial perspective rather than a technical one. By understanding cybersecurity, the board of directors will therefore be more informed on why certain resources are needed for the company. Furthermore, when making important decisions for the company, they will be able to include cybersecurity as a factor in their decision making.