Information Security Strategy Meets Tactical Execution.

Blog

Everyone is in Security!

How many people are tasked with security in your organization? Hopefully, you can say “everyone!” Each member of every organization has a part to play. Security needs to be a key objective for everyone involved. It’s the DNA, “the way things are done around here”, “the key to holding our client’s trust”...no matter how you say it, security needs to be baked in, a part of the fabric.

Security is about culture, and culture is built top-down. Most organizations have an Information Security Officer (ISO) of some title, who leads the charge against cyber-this and cyber-that. This person’s mission is to execute a program and lead a team tasked with a massive scope that ranges from protection and detection to recovery and continuity; it is an “always on” and “better be ready” environment of expectation. This demand keeps ISOs and their teams hopping with evaluating new technologies, managing compliance, monitoring identity and access, identifying vulnerabilities, reporting risks, and developing best strategies to deliver for tomorrow. However, the most important component is executing an effective awareness and training program for the organization. The ISO can’t do it alone.

Culture is about all-hands, everyone participates. The ISO should take the lead by being proactive in the C-suite, seeking to build a positive security culture one chief at a time. As one who is often the “glue” of the entire organization, the COO can be the best place to start. The COO’s perspective and understanding of the interdependent relationships within the organization and be invaluable to weaving security into its fabric. Without key C-level alliances, ISOs will struggle to align their programs with business outcomes, and a culture of security cannot develop. Security is bred from awareness, defined as the state of being conscious of something. More specifically, it is the ability to know and perceive, to feel, or to be cognizant of events. Having advocates for security at the top, driving proactive, persistent and positive interactions, will help shape and change culture.  Focused security leadership brings everyone into the security team!

 

OCTELLIENT - Our mission: simplify information security. With a Business First approach, we want to help you and your organization get to your core priorities and make the most of your infosec investments.  Our goal is to be your side-by-side partner, working together to navigate a tailored infosec strategy and bring expert advice to your toughest challenges.

Ask us about Propulsion, Deepwater, and the 8-point Dossier

info@octellient.com

www.octellient.com

Chris Cathers1 Comment