CISO Perspective - Evaluating and Communicating Information Risk
نویسندگان
چکیده
While security professionals have long talked about risk, moving an organization from a “security” mindset to one that thoughtfully considers information risk is a challenge. Managing information risk means building risk analysis into every business decision. In this panel, we will discuss how CISOs are working to move the conversation from security towards information risk. In particular, we will address questions about risk categorization, communication, and measurement such as:
منابع مشابه
Clarifying the Roles of Information Security: 13 Questions the CEO, CIO, and CISO Must Ask Each Other
The chief executive officer (CEO), chief information officer (CIO), and chief information security officer (CISO) walk into a bar. The CEO orders a light beer. The CIO normally orders his full-bodied stout beer but being politically savvy and noticing the CEO’s order, also orders a light beer. The CEO’s order has raised the curiosity of the CIO, and he just can’t help but ask the CEO, “Why not ...
متن کاملThe Chief Information Security Officer: an Analysis of the Skills Required for Success
The aim of this study is to determine a set of skills needed for a Chief Information Security Officer (CISO) in a competitive business today. To this end, a review of the literature and IT security executive interviews were conducted to identify a set of relevant skills. This list was then compared to a set of job listings for CISOs. Ultimately, a set of skills were developed that organizations...
متن کاملCommunicating actionable risk for terrorism and other hazards.
We propose a shift in emphasis when communicating to people when the objective is to motivate household disaster preparedness actions. This shift is to emphasize the communication of preparedness actions (what to do about risk) rather than risk itself. We have called this perspective "communicating actionable risk," and it is grounded in diffusion of innovations and communication theories. A re...
متن کاملAssessment for Enterprise Security Decision Making
Assessment is an integral part of a chief information security officer’s (CISO) daily work. Continuously, the CISO must make security policy decisions, either introducing new policies or technologies in the organisation, or modifying existing policies. Assessment in this environment must inherently go beyond assessment of the policy’s security properties alone. It must include considerations ab...
متن کاملNorthern Hemisphere Summer Monsoon Singularities and Climatological Intraseasonal Oscillation
Using climatological pentad mean outgoing longwave radiation (OLR) and European Centre for MediumRange Weather Forecasts analysis winds, the authors show that the Northern Hemisphere summer monsoon displays statistically significant climatological intraseasonal oscillations (CISOs). The extreme phases of CISO characterize monsoon singularities—monsoon events that occur on a fixed pentad with us...
متن کامل