Forrester’s report offers this observation for CISOs [Chief Information Security Officers]: creating “and maintaining a security strategy is fundamental for CISO success,” but “…business colleagues need to be able to understand your strategy. If you cannot communicate it in a clear and concise manner, then all of your work will have been in vain.” Forrester’s April 25, 2016 whitepaper, published by Armor, was entitled “Six Steps To A Better Security Strategy” and includes this comment about Step No. 1: Become A Credible Stakeholder:
As a security leader, your job is far more than just ensuring compliance; you have to be an expert, a collaborator, a consultant, and a decision-maker. For business executives to take your security strategy seriously, they must first see you as a capable executive. This requires some work:
Understand your organization. To be credible, you have to demonstrate that you understand what your organization does, makes, or sells, along with how it’s doing financially. More importantly, you should get to know its customers and what they care about.
Know the personalities. It’s vitally important that you understand who the key stakeholders are in your company and what their responsibilities are; their specific goals and pet projects will drive security requirements.
Here are all six steps:
Step No. 1: Become A Credible Stakeholder
Step No. 2: Connect With The Business
Step No. 3: Find The Gaps
Step No. 4: Identify Security Challenges
Step No. 5: Brainstorm New Opportunities
Step No. 6: Bring It All Together
Good advice to help CISOs!