March 05, 2021

3 effective tips for a new CISO who is set to embark on their security journey

We are often asked for tips for a new CISO who is about to take on this exciting job.

Today, the CISO role is one of the most demanding and challenging jobs there is. As a CISO, you stand at the crossroads of securing assets, building teams and winning the confidence of your board and management. And that is just the tip of the iceberg!

For the last 20 years, we at Sumeru Information Security have worked with hundreds of seasoned and successful CISOs worldwide and have observed some common traits. Here they are.

1) Give your management complete visibility of the organisation's risk posture:

As a CISO, your topmost responsibility is to help the board and management understand the organisation's risk posture and identify the mitigation activities it requires. Solid preparation is pivotal here: make sure you have a thorough understanding of your organisation's risk posture before you present it.

Prepare your security program and justify how it will improve the overall security posture and what return the investment will deliver.
While presenting the report and plan, remember to:

  • Reduce the use of security jargon
  • Give your management a 360-degree view of the business risk

2) Focus on gap analysis and prepare a robust security roadmap:

Ensure your gap analysis gives you a complete understanding of the business risk posture. Also focus on prioritizing the immediate tasks ahead of future requirements. A break-fix model will not hold up against sophisticated, targeted attacks.

Make sure you have a holistic security plan ready that gives equal weight to the regulatory standards that are critical to your business and must be met. It is also important to move beyond routine security activities and basic security hygiene.

At Sumeru, we have always advised a gap analysis followed by a Systematic Security Plan (SSP) to close as many of the gaps found as possible and to keep security activities consistent.

3) Prepare for the inevitable:

Sorry for the bad news! Yes, even the most established business with the most robust defences possible can be breached by a targeted, sophisticated attack.

This is why we advise preparing a solid Incident Response Management Plan, so that security incidents are handled promptly and the damage is contained.

As a CISO, you have the tough job of providing the best possible security for your business while keeping incident management ready to minimize the damage from the attacks that will still get through.

Welcome to the forever war of security

By now you will have had a glimpse of the difficulties you will encounter.

We advise you to focus on:

  • Finding the business-security fit
  • External attack surface monitoring
  • Third-party risk management and mitigation
  • Building a strong relationship with management
  • Gamifying security awareness training
  • Rising above basic security hygiene

For all its difficulties, CISO is a highly rewarding job. You are set to do one of the toughest jobs in the world. I wish you all the best for your future success.

Sumeru is always at your service to help you fight the forever war of security, rise above the odds and get the tough jobs done. Reach out to us at https://inservice.sumeru.com/contact-us/ for more tips, consultancy and gap assessment.