CIOReview
DECEMBER 2022

on a daily basis, while the GRC side is responsible for ensuring that you are following the rules and complying with data privacy and data protection legislation in order to keep the bad guys out.

When it comes to identifying enterprise security solution providers, how do you get their attention? Is there a procedure for evaluating their value offer and partnering with them?

Before choosing the right vendor, we need to understand where our organization is at and where we want to be. We must ensure that our roadmap is realistic and that we are aware of the regulatory compliance and also where our data is flowing. Some businesses operate on-premise, while others have moved to the cloud, and some enable employees to use their own devices (Bring Your Own Device). This is how company data is transferred to non-company-owned devices, posing new issues. We need to look for the correct tool, or else simply chatting to vendors may take you down a rabbit hole.

Any piece of advice there for upcoming professionals in the field?

I would advise aspiring professionals to be well-versed in a few areas, particularly the business side. I've seen many professionals become so engrossed in technology that they are unable to apply it to the business side. To understand where the difficulty lies, I believe that every CSO should have a comprehensive understanding of both business and technology--how it operates, where data flows, and what infrastructure looks like.

Another key consideration is to be aware of what is on the horizon in terms of data privacy and protection. They must ensure that their organization complies with state-specific data privacy and data protection law. After they've grasped those concepts, what are the company's risk appetite and business strategy? They must ensure that their IT security program is aligned with their business objectives. Because if any company wants to use your security plan, you must be able to justify it in terms of business operations, financial aspects, and regulatory compliance. All of these points will be very useful to be successful in the industry.

Think security folks should learn about databases, operating systems, hardware, configuration, and coding to understand how to secure them before becoming a cyber professional.