To Be Great Enterprise Risk Managers, CISOs Need to be Great Collaborators


by Andrew Migliore on July 25, 2019
  
CISOs face pressure on all sides. From their tenuous position in the company
org chart, they're tasked with managing external and internal risk to their
company's sensitive data. And when a privacy or security incident does strike,
often they're the ones who take the blame.
Yet as threats expand and regulations tighten, a CISO's role as enterprise risk
manager has never been more vital. As Leonard Kleinman, a member of the
Forbes Technology Council, succinctly wrote, "The new CISO must know how
to quantify risk and understand business as well as cybersecurity
technologies... They are no longer just the keeper of secrets or guardian at the
gate. They are integrated into the business and taking a risk-based
detective/hunter-style approach."
Know thy risk
Privacy incident response is a critical component when it comes to identifying
and quantifying full-picture, organization-wide risk. With the data gathered from
privacy incidents—things like root cause, incident volume by line of business or
department, category (paper vs. electronic), response timeframes, remediation
efforts, etc.—CISOs can examine and analyze the nature of privacy incidents
over time to understand where the true risks lie. They can thus be more
strategic in their approach to managing risk for the whole enterprise.
To Be Great Enterprise Risk Managers, CISOs Need to be Great Collaborators
https://www.radarfirst.com/blog/to-be-great-enterprise-risk-managers-cisos-need-to-be-great-collaborators[7/29/19, 4:14:58 PM]
 
Incident response is not just the CISO's job, however. To accurately identify,
mitigate, and reduce risks across an organization—be they electronic or paper,
malicious or non-malicious—key departments must share the burden of
privacy incident response and privacy by design. Collaboration is key, as
privacy, security, legal, and product teams effectively work together.
Incident responders, unite!
To ensure collaboration, team members should understand each other's own
roles, responsibilities, and motivations:
Security approaches incident response from a tactical standpoint, safeguarding
data and ensuring the availability of systems to prevent—or mitigate—improper
disclosures or downtimes.
Privacy focuses on the personal impacts of incident response—how the disclosure
relates to people and the risk of harm to the impacted individual. The privacy team
also considers what regulatory and contractual notification requirements are in
scope.
Legal is integral in understanding the regulatory landscape, setting company
policies, and ensuring business practices—such as third-party vendor agreements
or business associate agreements—are properly set up.
Product determines if and/or how the company's products or services may have
been a factor in an incident—and what remediation may be required to address the
problem. They are also critical when creating new features or services by following
the Privacy by Design framework. In this framework, the product team collaborates
with security, privacy, and legal teams to proactively factor in privacy throughout the
whole engineering process.
Each of these perspectives together rounds out a full view of privacy incident
response. Understanding legal risks, implementing privacy policies and
procedures, safeguarding data, and applying the appropriate controls for that
data throughout the organization and within the company's products and
services—each is a critical aspect of a strong incident response program.
There are simply far too many risk vectors that exist for a single department or
person to manage an organization's privacy incident response program on
their own.
Costly delays in incident response
The BakerHostetler 2019 Data Security Incident Response Report shows a
rather depressing average incident response timeline, from the day the event
took place to notification being provided:
Occurrence to discovery: 66 days
Discovery to containment: 8 days
Discovery to notification: 56 days
This is troubling for a couple of reasons. First, data breach notification timeline
requirements are shrinking—many U.S. states require 30 days or less, and in
the case of the EU GDPR, there are only 72 hours to notify the lead
supervisory authority. Delays at each step of the incident response process
could mean missing regulatory compliance deadlines. This is a huge risk.
Second, research has shown that the longer the time to breach discovery, the
more severe the impact. Organizations participating in the 2018 IBM Cost of a
Data Breach Study experienced increases in both the time to identify and to
contain a breach.
According to the report: "We attribute increases in this year's time to identify
and time to contain to the increasing severity of criminal and malicious attacks
experienced by a majority of companies in our sample."
The longer a potential breach goes undiscovered, be it a cyber-attack or a
misdirected paper fax, the greater the risk of harm to both a company and its
customers. Timely risk identification and mitigation are essential. To ensure this
timeliness, CISOs should continually measure their organization's Mean Time to
Privacy Response (MTTPR).
Invest in collaboration
As the BakerHostetler study shows all too plainly, many companies operate in
departmental silos. CISOs have no way of identifying privacy incidents that may
not include electronic data. Privacy leaders often have no insight into the
status of security incidents that require a multifactor privacy risk assessment to
determine the risk of harm, as the security team is focused on recovery and
availability.
For true collaboration to happen, organizations need an automated way to
respond to privacy and security incidents—one that allows all employees and
customers to efficiently report incidents, and for the incident response team to
efficiently and consistently perform risk assessment, make a breach or no
breach determination, and provide dashboard metrics and real-time reporting
for organization-wide visibility.
To achieve true success as an enterprise risk manager, CISOs need to
collaborate with their peers across their organization. Only then will they obtain
a 360-degree view of the threats facing their organization. Privacy incident
response automation can help.
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 

To Be Great Enterprise Risk Managers, CISOs Need to Be Great Collaborators

  • 1. To Be Great Enterprise Risk Managers, CISOs Need to be Great Collaborators, by Andrew Migliore on July 25, 2019

    CISOs face pressure on all sides. From their tenuous position in the company org chart, they're tasked with managing external and internal risk to their company's sensitive data. And when a privacy or security incident does strike, often they're the ones who take the blame.

    Yet as threats expand and regulations tighten, a CISO's role as enterprise risk manager has never been more vital. As Leonard Kleinman, a member of the Forbes Technology Council, succinctly wrote, "The new CISO must know how to quantify risk and understand business as well as cybersecurity technologies... They are no longer just the keeper of secrets or guardian at the gate. They are integrated into the business and taking a risk-based detective/hunter-style approach."

    Know thy risk

    Privacy incident response is a critical component when it comes to identifying and quantifying full-picture, organization-wide risk. With the data gathered from privacy incidents—things like root cause, incident volume by line of business or department, category (paper vs. electronic), response timeframes, remediation efforts, etc.—CISOs can examine and analyze the nature of privacy incidents over time to understand where the true risks lie. They can thus be more strategic in their approach to managing risk for the whole enterprise.

  • 2. Incident response is not just the CISO's job, however. To accurately identify, mitigate, and reduce risks across an organization—be they electronic or paper, malicious or non-malicious—key departments must share the burden of privacy incident response and privacy by design. Collaboration is key, as privacy, security, legal, and product teams effectively work together.

    Incident responders, unite!

    To ensure collaboration, team members should understand each other's own roles, responsibilities, and motivations:

    Security approaches incident response from a tactical standpoint, safeguarding data and ensuring the availability of systems to prevent—or mitigate—improper disclosures or downtimes.

    Privacy focuses on the personal impacts of incident response—how the disclosure relates to people and the risk of harm to the impacted individual. The privacy team also considers what regulatory and contractual notification requirements are in scope.

    Legal is integral in understanding the regulatory landscape, setting company policies, and ensuring business practices—such as third-party vendor agreements or business associate agreements—are properly set up.

    Product determines if and/or how the company's products or services may have been a factor in an incident—and what remediation may be required to address the problem. They are also critical when creating new features or services by following the Privacy by Design framework. In this framework, the product team collaborates with security, privacy, and legal teams to proactively factor in privacy throughout the whole engineering process.

    Each of these perspectives together rounds out a full view of privacy incident response. Understanding legal risks, implementing privacy policies and procedures, safeguarding data, and applying the appropriate controls for that data throughout the organization and within the company's products and services—each is a critical aspect of a strong incident response program. There are simply far too many risk vectors that exist for a single department or person to manage an organization's privacy incident response program on their own.

  • 3. Costly delays in incident response

    The BakerHostetler 2019 Data Security Incident Response Report shows a rather depressing average incident response timeline, from the day the event took place to notification being provided:

    Occurrence to discovery: 66 days
    Discovery to containment: 8 days
    Discovery to notification: 56 days

    This is troubling for a couple of reasons. First, data breach notification timeline requirements are shrinking—many U.S. states require 30 days or less, and in the case of the EU GDPR, there are only 72 hours to notify the lead supervisory authority. Delays at each step of the incident response process could mean missing regulatory compliance deadlines. This is a huge risk.

    Second, research has shown that the longer the time to breach discovery, the more severe the impact. Organizations participating in the 2018 IBM Cost of a Data Breach Study experienced increases in both the time to identify and to contain a breach. According to the report: "We attribute increases in this year's time to identify and time to contain to the increasing severity of criminal and malicious attacks experienced by a majority of companies in our sample."

    The longer a potential breach goes undiscovered, be it a cyber-attack or a misdirected paper fax, the greater the risk of harm to both a company and its customers. Timely risk identification and mitigation are essential. To ensure this timeliness, CISOs should continually measure their organization's Mean Time to Privacy Response (MTTPR).

    Invest in collaboration

    As the BakerHostetler study shows all too plainly, many companies operate in departmental silos. CISOs have no way of identifying privacy incidents that may not include electronic data. Privacy leaders often have no insight into the status of security incidents that require a multifactor privacy risk assessment to determine the risk of harm, as the security team is focused on recovery and availability.

  • 4. For true collaboration to happen, organizations need an automated way to respond to privacy and security incidents—one that allows all employees and customers to efficiently report incidents, and for the incident response team to efficiently and consistently perform risk assessment, make a breach or no breach determination, and provide dashboard metrics and real-time reporting for organization-wide visibility.

    To achieve true success as an enterprise risk manager, CISOs need to collaborate with their peers across their organization. Only then will they obtain a 360-degree view of the threats facing their organization. Privacy incident response automation can help.

    Topics: Incident Response Management

    Fortune 100 companies and organizations subject to data privacy regulations in industries such as finance, insurance, healthcare and beyond rely on RADAR for an efficient and consistent process for incident response.