CISOs and their teams operate against a backdrop of continuous change in the threat

landscape, information security technology, and business conditions. The mission to

protect critical assets across space and time is further complicated by a lack of direct

control over the people and processes that expose the organization to risk through day-

to-day operations.

In-depth research with hundreds of information security leaders revealed

a common thread among the top performers:

Technical skills, while essential, are not enough.

To deliver maximum impact, Information Security must

engage with the business and practice proactive

organizational engagement.

To drive insight and enable action

on these “soft skills,” IANS has

broken proactive organizational

engagement down into a set of

clearly defined, quantifiable

elements we call The 7 Factors

of CISO Impact.

Our CISO Impact framework provides a

structured, action-oriented approach that

allows you to baseline your performance

and measure progress down to the Factor

and sub-Factor levels as you work towards

b e t t e r p ro a c t i v e o rg a n i z a t i o n a l

engagement.

First step: take the Diagnostic.

The Diagnostic is an online self-

assessment that measures the current

state of your team’s organizational

engagement. Your personal report

provides you with insight into your team’s

strengths and weaknesses, and allows

you to compare the results to those of

your peers.

As you work to improve your skill sets in

each of the 7 Factors, your Diagnostic

results will reflect your progress.

Then, attend

a CISO Impact

Workshop.

The CISO Impact Workshop is a four-hour

deep dive into one of the 7 Factors of

CISO Impact.

IANS-proprietary worksheets will help you

break down your Factor-specific Diagnostic

results into concrete, step-by-step actions

for improvement.

You’ll experience a new way of thinking

about what you do, and walk away with

insights that will influence the way that you

execute your mission.

A CISO Impact Workshop is a collaborative hands-on working session.

Wrap-UpReview lessons

learned and discuss of how improvement

will drive success. Introductions

Get to know your fellow CISOs

Workshop OrientationThe IANS facilitator

describes the workshop context, components and

flow for the day

Solo WorkDocument your team’s skills and processes vs. the workshop Factor.

Presentations & Feedback

Present your workbook

writings and receive feedback from your peers.

Research OverviewA discussion of the

research and structure of the CISO Impact

framework

DiagnosticAn explanation of how the CISO Impact self-assessment tool works

What are the 7 Factors?An overview of the individual

7 Factors of CISO Impact, and a look at how they all

work together to drive success.

Small Group Discussion

Share ideas and challenges with

your small group

Can you communicate the value of

information security in a compelling way?

To be effective, information security needs resources and

support from a range of stakeholders – but many security teams

aren’t prepared to state their case persuasively. Clear,

compelling communication is key to justifying budget requests

and paving the way towards working more collaboratively with

other business departments, but 62% of CISOs who completed

the CISO Impact Diagnostic are still in the early stages of

proactively engaging with key stakeholders to build a strong

value proposition. What steps can you take to move the needle?

At a recent Factor 6 Workshop, we posed the question:

Factor 6: Communicate the Value of Information Security

Participants discussed the challenges …

… and through that discussion, shared thoughts on how to address the problem.

“Most of the organization sees us the business prevention team. They just don’t get why we do what we do. ”

“We’re organized in IT so we don’t really have the visibility into the stakeholder challenges and needs.”

“Our team is comfortable answering questions and providing options. Selling our value is not a natural thing for us to do.”

You’ll walk away with strategies for success in real-world situations. For example,

you’ll learn how to:

•  Build a strong, business-oriented value proposition that

explains how information security helps your company grow

and win.

•  Engage deeply with key stakeholders – not just the ‘easy’

ones like Finance, Risk, Audit and Compliance but also the

business unit GMs – to understand what drives their business

decisions.

•  Work with the Marketing department to develop assets that

communicate your value proposition.