intelligent

The second part is acting on the plan of action and being patient . You need to consciously produce a return on investment back to your business owners . This is an area I have been working on with our board over the last four years . A diligent process is required here with trends being analysed every quarter which can shield investments . These reports reveal gaps and how that enables businesses to do more and reduce the security risks . Having this cost analysis data which goes beyond the cyber data increases the odds of success .

In the realm of assisting governments , boards and organisations , how does Diligent help in tackling prevalent IT challenges ? Could you outline the range of solutions you provide to your clients ?

Our unique competitive advantage is getting the data to the right eyeballs . It is important to explore different types of data . Regarding machine data , this is operational and needs to be analysed , presented and reviewed by the risk owners . However , at the board level , this data may be too nuanced giving unnecessary details . Most of the board functions are an oversight by a governance and they ’ re operationally direct .

Diligent solutions have been specially designed to present high-level risk conversations or risk themes using the machine data produced at an operational level . Crucially this is performed in our platform and that is where the true value of this applies . For example , I am currently preparing for our Q2 risk committee meeting . Three years ago , PowerPoint would be my go-to software and I would have asked the team to provide the data . Today I can take advantage of the Diligent dashboard which is close to real-time board-level information allowing me to work off the latest updates . The power of our solution is mobilising the right information and translating it into meaningful conversations . This knowledge transfer is fluid meaning it can start with the board and finish at the operational level or can be moved in any other direction .

How do Diligent ’ s solutions make a difference to security decisionmakers over other competitors ?

The market is not lacking in risk management software solutions . I worked in the banking industry for 20 years and today you see solutions at various levels including enterprise , new commerce and SASE providers . The Diligent solution is focused on pulling real-time data and our continuous monitoring allows us to have a mature impact on operations and use the data to drive risk themes with resellers . The risk owner is an important concept because without them , it is not possible to formulate risk reduction actions due to the amount of effort it requires . The responsibility of fixing these configurations and vulnerabilities goes beyond the IT team and the conversation is framed differently .

All organisations face challenges dealing with vulnerabilities because they are dynamic and occur frequently . Could these vulnerabilities relate to resources , meaning we lack the correct people or the money to procure the right solution ? By people I mean our employees and our contractors , do they care about maintaining a secure environment through due care and due diligence ? The vulnerabilities could also stem from the process . Here we have the right people with the right technology , but the process is creating more hurdles for ourselves . By using our product , you can bring the right message to the right risk owner at the appropriate time .

How do you anticipate the role of CISOs evolving in the future ?

The role is always evolving and when I became CISO 10 years ago it had already transformed dramatically . The trend has been an increase in IT transformation alongside cyber-risk . For example , AI could be both a productivity enabler and a software company that enables its features to support our customers . The CISO shift has needed to move from IT risk owner to having a trust conversation with the right audiences . The top CISOs are now able to articulate complex IT issues and align them with the business objectives , they understand that a single security solution or strategy is not going to be 100 % secure .

It is about having deep knowledge of your product strategy and corporate risk and going beyond the realm of data and IT will better support businesses . The biggest challenge for CISOs is to adapt their mindset , align with the business , listen to risks and instead of saying ‘ no ’, provide a collaborative solution with their business partners . �

Henry Jiang , Chief Information Security Officer at Diligent Corporation

THE PIVOT IS TO STOP THINKING THAT IT RISK EXCLUSIVELY BELONGS TO THE IT DOMAIN .