TO OVERCOME RESOURCE

LIMITATIONS ,

IT ’ S CRUCIAL TO ENSURE THAT DATA TELLS A MEANINGFUL STORY . THIS MEANS NOT

ONLY ANALYSING THE DATA BUT

ALSO USING

IT TO CONVEY DIFFERENT NARRATIVES TO VARIOUS AUDIENCES WITHIN AN

ORGANISATION . machines and their data capabilities is increasingly difficult .

To overcome resource limitations , it ’ s crucial to ensure that data tells a meaningful story . This means not only analysing the data but also using it to convey different narratives to various audiences within an organisation . Whether it ’ s the risk department , finance , executives , Human Resources or others , understanding the key data points and how they can be used to project different scenarios is of paramount importance in addressing resource inequality effectively .

When confronted with resource shortages that might impact security operations , what strategies do you believe are most successful in managing and resolving these issues ?

Privatisation has suddenly become the foremost consideration encompassing more than just IT assets . We ’ re not just referring to servers or virtual machines , this pertains to the full spectrum spanning public and private clouds as well as individual laptops and mobile devices . It is important to understand that not all assets are created equal . So , when prioritising , you must assess what is significant and where your data resides . Is it predominantly in the cloud , on-premises or on users ’ devices ? Without a comprehensive understanding of the data ’ s footprint and exposure , devising an effective strategy is unattainable . Resources must be allocated to address what matters but you must understand your exposure before formulating a strategy .

From your perspective , why is fostering teamwork within an IT department crucial for achieving overarching security objectives ?

In the past , IT risk has often been perceived exclusively as an IT concern . If you use Salesforce , for example , you have a server running a fine-tuned system , but we assume that if you ’ re the Chief Technology Officer ( CTO ) of the company , you bear the responsibility for this risk . This is a dangerous presumption . It implies that the owner of IT assets is the same as the owner of IT risks .

When we delve into the fundamentals , the risk owners should not necessarily be in IT . If Salesforce is hosted in the cloud , the responsibility for its appropriate risk management does not fall on IT alone but on those who wield it to drive customer engagement and fulfil commercial objectives . In essence , the primary owners of IT risk are usually found within the commercial leadership team . They are the ones who extensively employ the system to facilitate customer interactions and execute commercial duties .

The pivot is to stop thinking that IT risk exclusively belongs to the IT domain . When I assumed the role of Chief Information Security Officer ( CISO ), we initiated an enterprise risk management plan to correctly identify the rightful owners of various risks , be it in HR , finance or the commercial team . Consequently , this approach has facilitated more meaningful conversation when we talk about IT risk .

As organisations increasingly realise the significance of a robust defence strategy and allocate resources to safeguard their digital assets , how would you suggest initiating a well-rounded investment plan ?

It is vital to understand your risk profile before you formulate a strategy . Even if the cybersecurity programme is new or has previously existed , a rigorous approach is needed . This can include a risk assessment which many cyber-risk professionals use as a starting point . I would encourage a datacentric conversation that revolves around protecting your most creative assets such as customer or employee data that flows through your organisation .

The first step is having a complete understanding of the digital assets you are protecting and performing gap analysis . For example , in the past cyber teams would buy products and have a plan to implement them within a specific timeframe and budget . The questions those IT teams should be asking are : Are those the right products and what problems are these products solving ? The value of independent thinking is critical . You should evaluate if the product is the right fit for the organisation by assessing exposures and planning .

26 intelligent

. tech

Intelligent SME . tech