No More Mr Nice Guy – Time for CISOs to Get Tough

One of my predictions for 2007 was that this would be the year that CISOs would finally get tough with business units, tightening corporate firewall policies and closing down insecure connections. The context was the need to respond to zero day exploits that introduce numerous sources of risk across enterprise infrastructures.

It hasn’t quite happened in the way I imagined. But the need to get tough is becoming pressing following the run of high-profile, avoidable breaches of personal data.

Sometimes a CISO needs to be a perfect diplomat, building good business relationships with a reassuring bedside manner. At other times a CISO needs to be hard and uncompromising. The pendulum is now swinging towards the latter. Forget your popularity. It’s time for all CISOs to crack the whip.

I think you're missing a key point. Technology in a business should be an enabler, not a block on doing business. What you're suggesting is akin to a city trading floor being told by a COO that they can't have meetings with anyone who looks shifty, or that they can't receive certain pieces of postal mail because the boxes it comes in are the wrong size and shape. CISOs should never stop a business from doing something it wants to; CISOs should look for ways of doing things that the business needs, because without the business the CISO doesn't have a job, but without the highest level of security in place the business may get embarrassed from time to time, but it may become highly profitable from doing things that its competitors can't.