CIOReview
MARCH 2021

KEYS TO REACHING THE PEAK OF A CYBER SECURITY PROGRAM JOURNEY

By Christine Vanderpool, VP IT Security & CISO, Florida Crystals

Imagine you are on a hike in the woods. Maybe it is a path you have taken before, or maybe it is brand new. Regardless, upon undertaking the journey, one thing is clear.

You must be prepared.

Prepared for a storm, prepared for detours and closures, prepared for attacks and, overall, prepared for the unknown.

Take a moment to place yourself in that situation under multiple adverse conditions and add another aspect to the circumstances: you are now also lost. This scenario should feel familiar to all Chief Information Security Officers who are building a cyber-program for the first or even the fifth time. We have all been on a journey or path that we were prepared for, knowing full well that the unexpected may, and most likely will, occur. We have also all had a moment where we felt lost. So how can we be ready, really ready, to take the journey? The key to overcoming the feeling of being lost is to remember the essentials.

When building your program, if you begin to realize you may be lost, the key is to stop, stay calm and remember that panic is your greatest enemy. The next step is to think. Take a moment to think about where you are and where you want to go. Do not proceed until you know what step to take next. Thirdly, observe your situation. Look for familiar cues or clues that will guide you back to your original path. Lastly, determine a plan. Based on your thinking and observations, determine a plan or, if you had a plan that did not go accordingly, rework it. Think through the options and then act accordingly.

To have a plan that can be acted on successfully, have your essentials handy. First, you will need the fuel to feed the plan, just as you would need plenty of food and water if lost on a journey. This means capital and ongoing operating budget. Understand your capital, both human and financial.
Many CISOs struggle in this area. They have difficulty building a successful business case that is fit for purpose and aligns with the larger strategy, including financial guardrails. I highly suggest anyone building a cyber program identify all current security costs and look for areas to repurpose those operating expense funds to services and tools that provide stronger coverage and potentially even a return on the investment.

IN MY OPINION