How CISOs Can Obtain Senior Executive Management Support

Author: Muneeb Imran Shaikh, Privacy & Information Security Consultant
Published: 12 March 2021

Trust is the cornerstone of any relationship, and it is built and nurtured gradually on the basis of many factors. When we as customers decide to choose product or service "A" over "B," the decision is based primarily on the trust we perceive in that product or service provider. This trust may initially be in its infancy, and it can either grow or be completely shattered by unmet expectations.

The senior executive leadership of any organization is responsible for keeping that trust at an optimum level. Information security leadership plays a critical role in establishing and maintaining that trust by preserving the confidentiality, integrity and availability of the organization's information systems and the data they contain.

Since information security and privacy are only newly pronounced points of emphasis for some organizations, achieving the objectives of a security strategy in full requires support from senior executive management outside the security division. However, the question remains: what kind of support do chief information security officers actually need, and how can they elicit it?

What level of senior executive management support is really needed?
Has the word "support" unfortunately become a cliché? Quite often, chief information security officers are too happy with the assurances provided by their respective heads (CEOs, boards, etc.) that they will have "the best security" to keep the business safe. Fundamentally, the notion of having the best security is not appropriate by any means. The term "best security" is subjective, and in pursuing it, security can begin to strangle the business and slow down its operations. That is when friction begins to creep in, the initial assurances about security notwithstanding.

This raises a fundamental question: how much security is enough? The answer lies in the phrase "enough security": security that fits the business, so that security does not end up harming the business. This requires you to carefully craft a security strategy with input from the relevant stakeholders outside the security division.

Once the security strategy is developed and approved, the question of support comes into play. The support that CISOs need from this stage onwards is unwavering support that stems from clarity about the strategic security objectives and the determination to pursue those objectives.

Execution of an information security strategy typically spans three years, and it is natural to hit various roadblocks during this extended period that drain the energy of the stakeholders and of the teams executing the strategic information security initiatives. It is in these moments that the determination of senior executive management is tested. This is also when a clear vision, mission and set of strategic objectives around information security can play a pivotal role in sustaining the energy and momentum necessary to execute the strategy.

This unwavering support for the information security program is the kind of support that CISOs should be looking for from the executives they report to, so that they are able to deliver the expected information security services to the business and help the business establish and maintain the trust promised to its customers.

Obtaining the needed support
We explored above what it means to have appropriate support from senior executive management, support that goes beyond words and a surface-level understanding of security objectives. However, considerable effort needs to be put in to elicit this desired support.

It is imperative to understand that in any organizational environment there are often multiple silent battles going on between divisions. These battles are not necessarily rooted in malice but in disagreement over how strategic business objectives should be pursued.

In the battle of narratives, it is often the wrong story and premise that wins. This happens because the correct narrative is not presented appropriately and substantiated with facts, with its primary, secondary and tertiary premises backed by detail. It is therefore important that narratives around information security be well crafted and supported by facts and empirical analysis, presenting security as an enabler of the business rather than a force that creates obstacles in its path.

When security acts as an enabler in the attainment of strategic objectives, it begins to demonstrate and inspire trust, delivering reliability and accountability through its governance and risk management. This earns security credibility, a good reputation and trust among senior management, so that whenever the security division raises an issue, it is given its due weight.

Security leaders quite often express the challenge of insufficient budget allocation for security. While these concerns are often justified, the shortfall frequently stems from other issues such as the reputation of the security team, its level of trust with executive leadership and how well security has enabled the business in previous ventures.

CISOs may well obtain the security budget they ask for, but if they do not understand, or fail to set clear expectations on, how security will enable the business, they cause immense damage to the entire security division and its narrative. Budget allocation must therefore be approached strategically. By gradually building the reputation of the security team, we as CISOs can ask for the budget we want in line with realistic approaches, best practices and business needs.

Remember that trust is earned over time through consistent effort and the right approach. The pain that must be endured on this journey to build trust in security is what moves the CISO and the security team toward a more ideal state.