BreachExchange mailing list archives

How the CFO can act as any cybersecurity team's 'quarterback'


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 12 Jan 2016 19:25:24 -0700

http://www.bizjournals.com/baltimore/news/2016/01/12/how-the-cfo-can-act-as-any-cybersecurity-teams.html

Warn your colleagues that the eye black is to help you focus — the hackers
are at your goal line.

As chief financial officer, you are the signal-caller for the company’s
cybersecurity team, and it is your role to call the strategic audible that
negates the increased risk of cyber attacks.

This game is not about points and playoff implications – it’s about your
company’s financial standing, customer loyalty, and shareholder trust. How
are forward-thinking CFOs leading their companies onto the cyber field in
light of the evolving threats?

As the protector of corporate assets and manager of the organization’s
enterprise risk strategy, the CFO is uniquely qualified to assess the
business risk of a cyber attack, integrate a cyber program into the
company’s broader risk assessment framework and make informed security
investment decisions. The CFO is experienced in overseeing initiatives to
mitigate financial, market and operational risk as part of a holistic risk
management framework.

Cyber risk should be treated as another element in the company’s enterprise
risk profile – an element to be understood, assessed and managed.

As cybersecurity quarterback, a CFO’s initial priority should be to
identify the company’s most valued assets and communicate this information
to the IT team. The CFO has invaluable insight into what is most important
to the business and how the business operates.

Engaging in ongoing dialogue with the IT team enables the CFO to outline
critical assets such as customer and investor data, intellectual property,
financial records, and business plans, to help the IT team identify the
company’s greatest cyber risks.

Your cyber playbook should be aligned to specific threats, the risk
tolerance of the organization, and the data assets that are most at risk. A
well-designed cyber program requires investments, and the CFO can help ask
the right questions of IT to ensure that these investments will close the
security gaps.

By taking a leading role in the company’s cybersecurity strategy, CFOs
acquire a keen understanding that cyber security is more than a set of
preventive technologies; it is a comprehensive set of methods, policies and
strategies designed to protect major assets. As a result, CFOs are better
equipped to respond to the questions and concerns of their board of
directors and shareholders.

Like any good quarterback, the CFO possesses the visibility and commands
the respect necessary to motivate players to maximize performance. To craft
a cyber strategy that encompasses people, process, and technology, the CFO
must engage the Board of Directors, IT team, department heads and human
resources.

To build awareness of cyber risks and the role human error plays in a
breach, the CFO should call upon human resources to implement security
awareness training. The CFO can communicate the implications of cyber risk
to the Board of Directors to create policies and ensure controls are
heeded. And the CFO can assist the IT team in securing the capital needed
to modernize and maintain the security infrastructure.

A CFO understands the company’s risk tolerance based on market, industry,
and financial factors, a critical element to making informed cybersecurity
investment decisions. CFOs put the cyber security program in the proper
business perspective. They have the inherent ability to balance the returns
generated on a company’s information assets, risk tolerance, and the level
of cybersecurity investment needed to effectively protect those assets.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
