Wednesday, 21 October 2015

The Cultural Maturation of Cyber Risk Management
From GARP –

“Born from the perfect storm of 9/11, the Nimda worm, and Section 404 of the Sarbanes-Oxley Act (SOX), the rise of the chief information security officer (CISO) has occurred at a lightning pace. Mega breaches have earned them a seat at the boardroom table, yet CISOs still struggle to articulate cybersecurity risk in a way that board members can understand.

To move past this, CISOs need to flex their leadership muscles and take a top-down approach to risk management – one that will likely require them to “unlearn” many of the best practices that got them to where they are.

It is a path with which the broader risk management profession is familiar: In the early 2000s, information security was mainly driven by compliance. Back then, CISOs were little more than glorified IT security admins.”
