Indian CISOs to develop more business skills to succeed

Organizations require chief information security officers (CISOs) to be much more than just a technical expert, but also possess business skills in today’s growing technology-driven Indian market.

Last year the Indian government revealed it wants to create half a million cyber roles for skilled IT security professionals in the next five years. And it wants organizations to have a CISO like position in place.

“Having a dedicated CISO within the organizations is very important for all Indian businesses. An effective and responsible CISO can be instrumental in moving an organization to the next security stage and towards operational excellence,” said Dr. Swapan Purkait, director of Nettech Private Limited, an Information Technology consulting and development company.

A deep understanding of business governance along with the technical know-how is a must for CISOs.

“CISOs are the key translators for senior executives," said Jerry Khan, technical consultant manager at AVAST Software, Asia. “This means they need to fully understand both the business side as well as the technology, including proper safeguard methods to mitigate risks and threats.”

While one of the key responsibilities is to ensure that information assets and technologies are adequately protected, a good Indian CISO must also be able to understand the risks to the organization beyond the traditional IT risks.

To succeed, Indian CISOs need to understand the company they are working with and its objectives better from a business standpoint than the technical and security aspects.

Another business acumen in a CISO’s skill set would be the ability to link security requirements to business requirements and weigh the business risks as fast as possible.

“They need to be open minded to new technology, track and recognize how it can be deployed within the organization and see that this is done in a secure manner. They must present the benefits of the technology they want to deploy to the senior executives clearly and efficiently,” said Khan.

But, according to Khan, the most common problem is the quick adaptation to the business language. “CISOs must be able to successfully understand and communicate the technological aspects of the business to the executives in a language they can understand, while at the same time thinking like a business person themselves, rather than just as pure technologists.”

CISOs in India are controlling more IT budget. According to research from Forrester, spending on security software by Asian companies will increase 55% in 2014 compared to 2013, with India a major contributor to this growth.

The analyst company said that CISOs must ensure that an increasingly tech savvy workforce get the IT equipment they need to do their jobs securely.

 “The CISO and other security and risk leaders no longer have the authority to block or significantly inhibit business adoption of any new service or technology. Instead, they must focus on mitigating the most egregious security concerns and help develop solutions,” said Manatosh Das, senior analyst at Forrester, in a blog post.