If you’re a CISO, what points should you remember? What are the CISO dos and don’ts? Well one of the goals of a CISO is to keep a business safe from cyber threats. While at the same time allowing the business to thrive.
Of course, it’s no easy task. A CISO is not only a leader. But he’s also an individual, that’s effective at work.
And a CISO needs to keep many balls. While wading through an increasingly complex and always shifting threat landscape. That’s why good CISO is very important.
So in this post, we have compiled important points a CISO should do and should not do.
CISO Dos And Don’ts
What Every CISOs Must Do?
- Ensures to protect the company to the best of their ability. So every CISO must remember that they are the ones accountable if something wrong happens to the company.
- Mentoring others. Being able to mentor others is the key to form the next generation of information security professionals.
- Can do an open-source collaboration. This means that good CISO helps drive the next generation of products. As well as helping to shape the industry.
- Collaboration. It’s very important. Because the closer the collaboration is with a similar industry partner, the more reliable the information is.
- Knows how to take care of their team. Security teams used to do overwork. That’s because they keep a constant, watchful eye over everything. So team members need to focus and relax. So CISOs must use and encourage team-building activities, research, and industry-wide gatherings.
- Communicate with the team. Listen to them. Engage with them. Also, encourage them to give back or speak up with their ideas and opinions.
- Understand the business as well as the finances. Do this by looking through your records.
- Understand office politics.
- Do strategic planning. Provide a strategy to maintain the organization’s productivity and security. Additionally, this may include planning what countermeasures you will apply if ever threats occur in the future.
- Feel free to ask for help. Those in higher positions find it hard sometimes to ask for help. But it’s a basic rule one must do to succeed. So know your swim lane and feel free to ask for help when you’re outside of it.
- Do risk-based thinking. This means that as a CISO, you must let the data to drive decisions, and not your emotions.
Things Every CISOs Should Not Do
- Nobody is perfect. So, don’t act as if you can’t fail. Nobody is infallible. Thus, remember, the important thing is to fail fast and recover even faster.
- A CISO will not get frustrated if the board of directors keeps saying “NO”.
- Do not focus on incident response. Instead, have another person report to you.
- You only don’t need to know more than the basics of legal/compliance.
- Additionally, you’re not a penetration tester.
- You don’t need to know more than the basics of program management.
The CISO and the security team need to understand that the organization is there to deliver products and services as fast as possible. They must also find a way to make their work easier. While at the same time keeping the business safe.