There is a person in every organization who is the direct owner of breach protection. His or her task is to oversee and govern the process of designing, building, maintaining, and continuously enhancing the organization's security level.
Title-wise, this person is most often the CIO, CISO, or Director of IT. For convenience, we'll refer to this individual as the CISO.
This person is the subject-matter expert in understanding the standard set of active cyber risks and in benchmarking the degree to which the organization's exposure to each of them affects its potential impact. They then take the appropriate steps to ensure the major risks are addressed.
On top of being engaged 24/7 in the organization's actual breach protection activity, the CISO has another critical task: to articulate to the company's management the risks, their potential impact, and the appropriate steps to take – or in other words, to translate security issues for non-security-savvy executives in a clear, business-risk-oriented manner.
The rationale for this task is simple – the more resources you invest, the more secure you are. The CISO holds the knowledge of what's needed, but the key to unlocking those resources is in…