The business IT environment is changing significantly, which means IT security needs to change accordingly, says Isabel María Gómez González, CISO for Spanish banking group BFA-Bankia.
“The IT environment and the way people are working is changing every day. Consequently, the role of the CISO is changing with a new mission, vision and values,” she told Computer Weekly.
“Our role is about being enablers. As a CISO, I am talking about things changing legislation, collaboration, and about enabling younger generations to interact with the bank in new ways such as through social media,” said González.
“To be effective in my role as group CISO, I had to change the way I interact with various parts of the 20 enterprises in the BFA-Bankia group, using a different language for the business, the legal departments, the compliance departments and the information security teams,” she said.
According to González, it is important for CISOs to use appropriate language, not only to talk about risks and threats, but also to explain the decisions they make.
She also believes CISOs have to think beyond vulnerabilities in line-of-business applications to include the new devices, applications and communication channels people are using for work.
Collaborate for growth
However, collaboration is top of her agenda, not only with peers in the banking sector, but across all industry sectors, where CISOs are increasingly able to play the role of business enablers.
“CISOs across all sectors need to work together to increase the security capabilities of their organisations and grow together,” said González.
So strong is her belief in the need for and value of such collaboration that, as a council member of the not-for-profit Information Security Forum (ISF), she is currently working to establish a worldwide group of CISOs in every sector.
The group will be for sharing information, engaging with government and legislators, and working together to lobby around information security-related issues.
“I believe the world’s CISOs should be in contact with each other, build trust relationships and have a way of sharing challenges, ideas, problems and solutions to improve the security capabilities of all to do better than we are today,” she said.
By sharing information about specific attack campaigns, González believes threats can be tackled worldwide and across sectors much faster and at a lower cost than would otherwise be the case.
Exchanging security information also raises the security bar for everyone by enabling leaders in specific areas to help others reach the same level of expertise and competence.
González is among those who believe CISOs should have a seat at the boardroom table and that they can make a unique contribution because they work across IT and all parts of the business.
“Their understanding of business operations means that CISOs can usually identify several lines of action to develop the business quickly,” she said.
González is to discuss these topics in more detail in her session entitled The Secret Keys for the New Age of the CISO at the European Identity & Cloud Conference 2016 in Munich from 10 to 13 May.