9. Security’s role (and title) in the organization
Building a true, strong security culture across their organization is another top priority for CISOs today — as it has been for years, multiple sources say.
It’s still a big concern because many find that security is sitting on their premises, often treated as an afterthought, said Theresa Lanowitz, chief evangelist for LevelBlue, a managed security service provider.
Many times CTOs, CIOs, and innovation teams don’t include security at the beginning of projects, he explains. And many CEOs, boards, and other C-suite leaders still don’t see security as a business enabler or core to a company’s mission.
Lanowitz adds, “Cybersecurity is not yet part of the fabric.”
Lanowitz sees progress, however, as more organizations implement secure design principles and DevSecOps practices, and as more CISOs advocate and establish equal footing with other executives.
“We’re seeing more organizations embrace security from the top down and see it as a business requirement and not just a technical problem,” said Lanowitz.
10. To achieve maximum efficiency
In addition to all the issues that may arise from year to year, CISOs say they continue to focus on achieving operational excellence – a task that is always challenging and difficult.
“While the fundamentals of a cybersecurity program remain the same, operational and data protection involves the constant navigation of new technologies and emerging threats,” Cody said. “Cybersecurity updates need to integrate seamlessly with existing systems, which require a deep understanding, at an operational level, of the business operations you protect and defend. Cybersecurity teams must be ahead of the curve, not playing catch-up.”
Source link