Wednesday, October 21, 13:51

Make sure cybersecurity teams help your business

Business leaders need to rethink the way they handle cybersecurity teams. Do leaders ask the right questions and understand how cybersecurity programs work?

Overseeing cybersecurity programs, whether at the board level or at the leadership level, has always been a challenge. The typical questions managers ask range from the general "Are we safe?" to more detailed questions about metrics, such as "How many vulnerabilities did you fix last quarter?" The answers to these questions may not help to highlight the true effectiveness of the program. These types of questions often signal a lack of understanding of how cybersecurity teams work and a lack of vision for how cybersecurity can really help a business grow.


Efforts have been made to help leaders ask cybersecurity team leaders the right questions to improve their effectiveness. The National Association of Corporate Directors (NACD) has provided some excellent guidance on which questions to ask and which approaches to take. Business leaders must follow suit to make the most of the security team.

Change the mindset of cybersecurity oversight

Chief information security officers (CISOs) should be held accountable for most of their responsibilities regarding the risk of cyber threats. Viewed through the lens of a traditional SWOT (Strengths, Weaknesses, Opportunities and Threats) model, cybersecurity oversight usually touches on the weaknesses and threats side of the equation. CISOs tend to deal largely with these areas, addressing issues that may prevent a business from achieving its goals. However, by remaining only on weaknesses and threats, cybersecurity becomes more of a security program than a potential guide for business development.

While it is not wrong to think of threats and weaknesses in terms of oversight and risk management, it usually leads to financial dialogues that resemble discussions about buying insurance policies. Questions such as "What percentage of the IT budget must be provided for cybersecurity?" are used for decision making, for example about the budget. This is similar to setting the price of insurance coverage for your business or home based on its value. The discussion should actually be much broader, because otherwise it omits the strengths and opportunities side of the equation.

Changing the mindset to focus on strengths and opportunities completely changes the meaning of the dialogue and the possible outcomes. Of course, cybersecurity and risk management are used to protect the business from vulnerabilities and threats, but what if there are ways cybersecurity teams can identify strengths and opportunities? Are there areas of the business where security teams are not currently focused? It is quite possible that a CISO working throughout the business will have new ideas that will help the business.

New lines of challenge

At any meeting, the goal is to leave with new information and new instructions for oversight and approval procedures. CISOs must be challenged to think of their work from the perspective of improving the company and contributing to overall business objectives, creating opportunities.

The best example of this is when security is "shifted" so that checks are performed in the early stages. In a development process, it is better for developers to fix problems during creation instead of waiting to test a final product. The latter approach is particularly annoying for developers, who have to stop working to fix problems during the process. Traditional KPIs (key performance indicators) in the development process include measurements such as reducing the number of vulnerabilities or defects, as they will now be found earlier in the process. While this is an effective cybersecurity measure, it does nothing to really emphasize business impact.

The real effect of this tactic is that fewer defects mean increased performance for developers, less reworked code, faster product releases and faster revenue generation from new features and products. As an added benefit, a new strength may be the increased awareness of developers about how to write secure code. This new strength could also be measured to show increased performance over time and, in turn, a differentiated product in the market.

Challenge your CISOs to think about how to find a way to grow the business, highlight strengths and explore opportunities. Questions that may complement more traditional risk oversight questions are:

  • What product improvements can we make to differentiate us in the market?
  • What is your trend in reducing supplier delivery times or sales cycle time?
  • What percentage of time do teams spend investigating or answering security-related questions? How is this changing over time?

Obviously, the questions will depend on the type of business, but changing the mentality of CISO oversight is vital. With this shift, CISOs are forced to look beyond the walls of their own team to better understand the business, thus creating more productive knowledge.



Teo Ehc