Cyber Risk Management Chronicles, Episode VI – Cyber Fundamentals: The New Cybersecurity Triad | EDRM – Electronic Discovery Reference Model
Image: Lockhaven logo
Let’s talk about the “New Cybersecurity Triad.”
Image: Lockhaven
We’re all pretty familiar with the venerable C-I-A Triad whereby secure data exhibits the characteristics of Confidentiality, Integrity, and Availability. But today’s cybersecurity challenges demand we recognize another triad critical to success: interaction among boards, CIOs, and CISOs. In many sectors, CIOs and CISOs have historically had limited interaction with boards. This approach has not served those organizations well. The complex and ever-evolving cybersecurity threat landscape mandates a closer relationship allowing the board to benefit from the experience and advice of these partners in developing strategic guidance.
The complex and ever-evolving cybersecurity threat landscape mandates a closer relationship allowing the board to benefit from the experience and advice of these partners in developing strategic guidance.
Dr. Jack Dever & James Dever, Lockhaven Solutions
Below are 3 ways boards can facilitate more effective partnerships with CIOs and CISOs:
1. Think carefully about reporting structures. CIOs and CISOs have different duties and responsibilities. Many organizations can benefit from not having CISOs be direct reports to the CIO.
2. CIOs and CISOs must build partnerships and trust throughout the organization. Boards should engage early and often with their security teams to establish and reinforce this trust.
3. Boards must ensure CIOs and CISOs are granted appropriate, quality interactions with all leadership, regardless of function. They cannot afford to be siloed in IT-centric roles and must be active participants in all aspects of the organization, including business development, supply chain and third-party vendors, legal, audit, and HR.
Gloss