
What is an IANS CISO Workshop? Factor 2


CISOs and their teams operate against a backdrop of continuous change in the threat landscape, information security technology, and business conditions. The mission to protect critical assets across space and time is further complicated by a lack of direct control over the people and processes that expose the organization to risk through day-to-day operations.

In-depth research with hundreds of information security leaders revealed a common thread among the top performers: Technical skills, while essential, are not enough.

To deliver maximum impact, Information Security must engage with the business and practice proactive organizational engagement.


To drive insight and enable action on these “soft skills,” IANS has broken proactive organizational engagement down into a set of clearly defined, quantifiable elements we call The 7 Factors of CISO Impact.

Our CISO Impact framework provides a structured, action-oriented approach that allows you to baseline your performance and measure progress down to the Factor and sub-Factor levels as you work towards better proactive organizational engagement.


First step: take the Diagnostic.

The Diagnostic is an online self-assessment that measures the current state of your team’s organizational engagement. Your personal report provides you with insight into your team’s strengths and weaknesses, and allows you to compare the results to those of your peers.

As you work to improve your skill sets in each of the 7 Factors, your Diagnostic results will reflect your progress.


Then, attend a CISO Impact Workshop.

The CISO Impact Workshop is a four-hour deep dive into one of the 7 Factors of CISO Impact.

IANS-proprietary worksheets will help you break down your Factor-specific Diagnostic results into concrete, step-by-step actions for improvement.

You’ll experience a new way of thinking about what you do, and walk away with insights that will influence the way that you execute your mission.


A CISO Impact Workshop is a collaborative hands-on working session.

•  Wrap-Up: Review lessons learned and discuss how improvement will drive success.

•  Introductions: Get to know your fellow CISOs.

•  Workshop Orientation: The IANS facilitator describes the workshop context, components and flow for the day.

•  Solo Work: Document your team’s skills and processes vs. the workshop Factor.

•  Presentations & Feedback: Present your workbook writings and receive feedback from your peers.

•  Research Overview: A discussion of the research and structure of the CISO Impact framework.

•  Diagnostic: An explanation of how the CISO Impact self-assessment tool works.

•  What are the 7 Factors? An overview of the individual 7 Factors of CISO Impact, and a look at how they all work together to drive success.

•  Small Group Discussion: Share ideas and challenges with your small group.


Factor 2: Get Business Leaders to Own Information Security Risk

At a recent Factor 2 Workshop, we posed the question:

Most business leaders view information security risk as separate from business risk. Why? And how can we change this?

Only 7% of CISOs who have taken the CISO Impact Diagnostic report being in sync with business leadership regarding information security assets, processes, and incident response capabilities. What steps can you take to bring your goals into line with the strategic goals of the business and convince business leaders to own information security risk?


Participants discussed the challenges …

… and through that discussion, shared thoughts on how to address the problem.

“If the business signs off on risk, nobody blinks. We have to push to revisit risks periodically.”

“We don’t have a risk culture so developing a policy on risk stewardship isn’t getting much support.”

“Top management sends mixed signals about who is accountable for information security risk. We’re left on the hot seat.”


You’ll walk away with strategies for success in real-world situations. For example, you’ll learn how to:

•  Work with C-Level executives to tie business leaders’ compensation to reducing security risks.

•  Create competition among business leaders by implementing and publishing ‘wall of shame’ metrics for information security compliance.

•  Work on building connections and finding security champions in other departments in the organization, like Finance or Legal.