Many blogs and articles state that a CISO needs the ability to adapt to the business. The role of the CISO in any organisation is to protect the business and bring its operations under a defined policy and governance framework. So the CISO obviously has to be aware of the business and its competition, and even more so of the risks to the organisation and its compliance obligations.

Here I am putting the question from the other side. Does the business also need to consider the CISO from the same perspective? Is it not required to involve the CISO in business discussions?

Recently I was interacting with a senior colleague from the CISO fraternity. He gave a very interesting insight through a real-life example, which follows.


The CFO had a KRA to implement a solution, already presented to management, that would make a finance process easier and faster. As usual, neither IT nor InfoSec was involved in that discussion. The CFO decided to go ahead and finalise a cloud-hosted solution from a vendor he knew personally.

This happens in many organisations. Senior members have contacts among start-ups or consultants in their own circle, and to show their seniority they finalise solution partners themselves. It may be encouraging for those consultants or start-ups, but it also needs to be seen in the light of the organisation those senior members work for. In any case, the solution was developed as specified by the CFO and a prototype was demonstrated in a lab environment. The CFO and his team were happy to see the GUI delivered within the specified time. Now it was time to implement it in production!

To go live, the consultants needed access to the IT setup so that the solution could connect and fetch real-time data. Only then did the discussion with IT start. In this organisation the CISO reported to the CIO. The situation was a nightmare: the CISO realised that the firewall policy would have to be weakened to make this solution work, because inbound traffic from the vendor's cloud had to be opened to internal systems. In the best interest of the organisation, and respecting the CFO's KRAs, he suggested some workarounds. But this was seen as the CISO being a hard nut to crack, and some other senior leaders also commented that the CISO was making it difficult to get work done.

The CISO refused to sign off on the project unless the risk was formally owned by the CFO or the CIO and they communicated the side effects of this solution to management. Both were unaware of these consequences. Ultimately the CFO deferred his rollout. He had to pay for the development without using it, but he still got promoted to Director Finance, which is a different story.


After getting promoted, the CFO started making every effort to harass this CISO so that his orders would be obeyed; the ultimate goal was to implement his solution come what may. Finally the CISO decided to resign. Probably this is what management expected, having been convinced by the CFO.

All the CISO did was act honestly and in the best interest of the organisation. He was even ready to work on alternative solutions, but that service provider did not support that kind of environment.

Is it not required to involve the CISO from the beginning of any solution, for the organisation's own benefit? I leave it to fellow CISOs to think it over.

© 2021 CISO Platform.