One of my predictions for 2007 was that this would be the year that CISOs would finally get tough with business units, tightening corporate firewall policies and closing down insecure connections. The context was the need to respond to zero-day exploits that introduce numerous sources of risk across enterprise infrastructures.
It hasn’t quite happened in the way I imagined. But the need to get tough is becoming pressing following the run of high-profile, avoidable breaches of personal data.
Sometimes a CISO needs to be a perfect diplomat, building good business relationships with a reassuring bedside manner. At other times a CISO needs to be hard and uncompromising. The pendulum is now swinging towards the latter. Forget your popularity. It’s time for all CISOs to crack the whip.