Access my free webinar >

5 Qualities Your Next Chief Information Security Officer Should Have

5 Qualities Your Next Chief Information Security Officer Should Have

Dr Mark van Rijmenam, CSP

đź‘‹ Hi, I am Mark. I am a strategic futurist and innovation keynote speaker. I advise governments and enterprises on emerging technologies such as AI or the metaverse. My subscribers receive a free weekly newsletter on cutting-edge technology.

In a world where dataism has become the new normal for organisations, security has become a high priority. Or at least, it should be a top priority for organisations. Unfortunately, the reality is different, and every year, many consumers still become the victim of one of the hundreds of data breaches. Any organisation can be hacked, and without sufficient security measures in place, it can become very expensive.

The breach of Equifax, the consumer credit reporting agency that exposed the personal data of some 143 million Americans in June and July 2017, is among the biggest hacks with the biggest impact on consumers. Thus far, the Equifax breach has cost the company US$4 billion. The company’s CEO resigned over the hack, as did its Chief Information Officer and its Chief Security Officer.

Information Security Challenges for Organisations

Unfortunately, protecting your organisations from (would be) hackers is difficult. Organisations face a lot of challenges when it comes to ensuring information security. Many organisations lack adequate staff in security operations and incident response. Detecting digital threads is challenging, and for most organisations, it is not a core competency.

As a result, they lack the data engineers and analysts to ensure proper incident monitoring and detection. Consequently, organisations face a lot of false positives due to the lack of intelligent analytics, resulting in too much noise. In addition, in a lot of organisations, monitoring still depends on too many manual processes, tools that are not integrated and the organisation lacks a complete overall picture.

Those companies that do not implement proper security measures, or at least ensure their data is encrypted so it is useless in case of a data breach, can be made liable. Especially under the GDPR regulations. Therefore, it is vital for organisations to develop the right policies and processes to ensure data security and the Chief Information Security Officer (CISO) should be responsible.

The Chief Information Security Officer

The Chief Information Security Officer is responsible for managing enterprise risks related to information, deploying security analytics within the organisation to do so and ensure compliance with regulations related to data security. The Chief Information Security Officer should create an environment that is capable of dealing with large quantities of data. Not only the data created within the organisation but also the data involved with security analytics.

Security analytics generally involve terabytes or petabytes of data due to log information from monitoring your network, database information, identify information and all kinds of other system data that needs to be analysed in real-time to know what is going on. The role of the CISO is an important one, but what are the five main characteristics to look at when hiring your next Chief Information Security Officer?

1. Understand the Technical Environment

The CISO has to develop the security backbone of an organisation, often starting from scratch. The CISO should be actively involved in activities such as managing operational risk activities, identifying protection goals and metrics that are aligned with the strategic plan and prioritise security initiatives within the organisations. Of course, the CISO should be responsible for implementing security analytics and overseeing incident monitoring and response planning. To be able to do so, the CISO needs to have a thorough understanding of IT and information security tools.

2. Be a Change Manager

Information security requires a culture change within the organisation. Making all employees aware of the importance of information security, ensuring the right security policies and processes and making sure that the implemented security analytics are used, requires a culture change. This is difficult, as people have a natural inertia to change. Therefore, the Chief Information Security Officer should be a strong change manager, who is capable of changing people’s behaviour within the company.

3. Be a Strategist and Communicator

As a CISO, it is your responsibility to create high-end encryption and make your systems as unhackable as possible, but still, align it with the business objectives. Unmoveable, cold stored data does not help with the business, as business needs information to flow and be reachable in real-time. It is, therefore, the objective of the CISO to find a balance between security needs and business needs and be able to convey this message to the stakeholders. After all, if the end-users do not understand why certain security measures are in place, they are likely to ignore it.

4. Be a Good Recruiter and Manager

Developing an advanced information security environment, including analytics for monitoring and detection of data breaches, requires very skilled personnel. Often, these developers are hard to come by and hard to keep. A great CISO hires staff that are analytical, great thinkers and result-focused that like to solve complex puzzles. It is the task of the CISO to create an inspirational and challenging work environment for IT security staff.

5. Be Capable of Complex Risk Assessments

Developing and implementing information security systems take time, money and energy. A great CISO can assess and prioritise which assets need to be protected first and how depending on the risks involved. To do so, the Chief Information Security Officer should have a clear understanding of the objectives of the different departments, what the different data requirements are and what the corresponding risk factors are. Based on an analysis of these, often conflicting interests, the CISO should be able to develop an actionable security strategy to minimise the risks the organisation faces.

Final Thoughts

The introduction of the Chief Information Security Officer is just the beginning. The world of digital security is changing rapidly, and organisations should evolve as well. Cybercriminals are constantly changing their tactics, finding new ways to attack companies, so if a company refuses to stay up-to-date, they are almost asking to be hacked. This new reality requires a new approach to security.

Protecting your company should be focused on prevention, detection and response. On the one hand, you should make it as difficult as possible for criminals to hack your systems. Encrypt your documents, and especially your passwords, and use firewalls to protect your systems from outside intruders. On the other hand, focus on monitoring and detection to know what is going on within your network and company. Finally, combine different tools to directly respond when an intruder is discovered. To implement all these information security measures, the role of the Chief Information Security Officer is a necessity.

Image: Gorodenkoff/Shutterstock

Tags

Dr Mark van Rijmenam

Dr Mark van Rijmenam

Dr Mark van Rijmenam is The Digital Speaker. He is a leading strategic futurist who thinks about how technology changes organisations, society and the metaverse. Dr Van Rijmenam is an international innovation keynote speaker, 5x author and entrepreneur. He is the founder of Datafloq and the author of the book on the metaverse: Step into the Metaverse: How the Immersive Internet Will Unlock a Trillion-Dollar Social Economy, detailing what the metaverse is and how organizations and consumers can benefit from the immersive internet. His latest book is Future Visions, which was written in five days in collaboration with AI. Recently, he founded the Futurwise Institute, which focuses on elevating the world’s digital awareness.

Share

Download my 2024 Technology Trends eBook

My Speaker Demo

Join my free Webinar

00

hour

00

minute

00

Second

CLICK HERE TO REGISTER

Join my free Webinar

×

Recent Podcasts

Creating a Hyper-realistic Metaverse Sooner with John Gaeta - Step into the Metaverse podcast: EP34

Solutions to Drive Safety and Privacy in the Metaverse with Tiffany Xingyu Wang - Step into the Metaverse podcast: EP33

The Secret Tool to the Metaverse's Success with Gabriel René - Step into the Metaverse podcast: EP32

Building Communities in The Metaverse with Athena Demos - Step into the Metaverse podcast: EP31

The Need for Unique Identifiers in the Metaverse with Benjamin Bertram Goldman - Step into the Metaverse podcast: EP30

My latest book: Step into the Metaverse

My latest book: Step into the Metaverse

We are looking back on an extremely successful GlobalPETS Forum last week. We received on your presentation from the attendees a lot of positive comments. Therefore, thanks again for your support and delivering the professional presentation.

Chris Fuss

Partner, Chief Technology Officer - Dealer Tire

Who Am I

Dr Van Rijmenam is a strategic futurist specializing in digital disruption. Renowned for his nuanced insights on technology's societal impact, he offers various keynote formats globally and a masterclass on digital innovation .

Contact Mark to explore collaboration opportunities
I agree with the Terms and Privacy Statement
You may also like
Evolving Cybersecurity: Gen AI Threats and AI-Powered Defence
Evolving Cybersecurity: Gen AI Threats and AI-Powered Defence
Homomorphic Encryption: Unlocking the Cipher of Privacy
Homomorphic Encryption: Unlocking the Cipher of Privacy
Encryption and Quantum Computing - Fighting the Big Crunch of 2025
Encryption and Quantum Computing - Fighting the Big Crunch of 2025