BreachExchange mailing list archives
How the CFO can act as any cybersecurity team's 'quarterback'
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 12 Jan 2016 19:25:24 -0700
http://www.bizjournals.com/baltimore/news/2016/01/12/how-the-cfo-can-act-as-any-cybersecurity-teams.html

Warn your colleagues that the eye black is to help you focus — the hackers are at your goal line. As chief financial officer, you are the signal-caller for the company’s cybersecurity team, and it is your role to call the strategic audible that negates the increased risk of cyber attacks. This game is not about points and playoff implications – it’s about your company’s financial standing, customer loyalty, and shareholder trust.

How are forward-thinking CFOs leading their companies onto the cyber field in light of the evolving threats?

As the protector of corporate assets and manager of the organization’s enterprise risk strategy, the CFO is uniquely qualified to assess the business risk of a cyber attack, integrate a cyber program into the company’s broader risk assessment framework and make informed security investment decisions. The CFO is experienced in overseeing initiatives to mitigate financial, market and operational risk as part of a holistic risk management framework. Cyber risk should be treated as another element in the company’s enterprise risk profile – an element to be understood, assessed and managed.

As cybersecurity quarterback, a CFO’s initial priority should be to identify the company’s most valued assets and communicate this information to the IT team. The CFO has invaluable insight into what is most important to the business and how the business operates. Engaging in ongoing dialogue with the IT team enables the CFO to outline critical assets such as customer and investor data, intellectual property, financial records, and business plans, to help the IT team identify the company’s greatest cyber risks. Your cyber playbook should be aligned to specific threats, the risk tolerance of the organization, and the data assets that are most at risk.
A well-designed cyber program requires investments, and the CFO can help ask the right questions of IT to ensure that these investments will close the security gaps. By taking a leading role in the company’s cybersecurity strategy, CFOs acquire a keen understanding that cyber security is more than a set of preventive technologies; it is a comprehensive set of methods, policies and strategies designed to protect major assets. As a result, CFOs are better equipped to respond to the questions and concerns of their board of directors and shareholders.

Like any good quarterback, the CFO possesses the visibility and commands the respect necessary to motivate players to maximize performance. To craft a cyber strategy that encompasses people, process, and technology, the CFO must engage the Board of Directors, IT team, department heads and human resources. To build awareness of cyber risks and the role human error plays in a breach, the CFO should call upon human resources to implement security awareness training. The CFO can communicate the implications of cyber risk to the Board of Directors to create policies and ensure controls are heeded. And the CFO can assist the IT team in securing the capital needed to modernize and maintain the security infrastructure.

A CFO understands the company’s risk tolerance based on market, industry, and financial factors, a critical element to making informed cybersecurity investment decisions. CFOs put the cyber security program in the proper business perspective. They have the inherent ability to balance the returns generated on a company’s information assets, risk tolerance, and the level of cybersecurity investment needed to effectively protect those assets.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/