How do you translate data security information to the board?

The CIO, CISO and even the IT department can easily help senior executives to understand more about data security.

IT departments have long been aware of the importance of keeping corporate data secure. Protecting what amounts to the life-blood of a company – data – from external attacks and insider threats is the bread and butter of the CIO and CISO.

However, until recently other members of the C-suite had limited engagement with the issue of security. That is changing, and the shift is accelerated by the broadcasting of high-profile data breaches – suddenly data security and risk are more tightly interlinked.

A single breach can inflict significant financial damage on a company (in addition to public embarrassment and reputational damage). In 2014, 42.8 million security threats were detected – a 48% increase from the previous year – and the financial impact of these incidents was severe, costing companies $2.7m on average.

It is no surprise therefore that most members of an organisation, from the IT department to the boardroom, make it a priority to protect company information.

The upsurge in awareness around data security at the C-suite level has taken place over a very short time, and this poses a particular problem for security professionals in terms of providing the board with the relevant information they need.

More than one third of directors are currently dissatisfied with the quality of information they get regarding cybersecurity risk, and more than half are unhappy with the amount of information provided.

So what does this mean for the IT department? CIOs and CISOs need clear strategies and a regular cadence for educating the board on data security issues.

Getting priorities right

The sheer volume of potential risks and vulnerabilities can seem overwhelming, so it is essential that the CIO is able to focus board members’ attention on relevant security threats, and even more importantly, to present a prioritised plan of action for dealing with them.

The idea is to make sure that the information presented to the board is easily digestible. Information should be free from technical jargon, and concepts should be broken down using business terms and analogies that easily drive the message home.

The first step to take when prioritising mitigation of threats is to undertake an enterprise-wide risk analysis and create a baseline cybersecurity profile. This approach lends itself to highlighting particularly high-risk areas to the board, and directing its attention to the data that is in the greatest need of protection.

Verify your findings

Conducting a risk assessment of company data is likely to go a long way towards bringing the C-suite up to speed with the most pressing security issues in your organisation, but a little external support is likely to lend extra credence to your arguments.

Enlisting a reputable third party to provide the board with a risk profile assessment could be a crucial factor in convincing the board of the need for greater investment in information security.

Once the most significant threats have been identified and verified, a CIO must make sure the board understands the IT department’s incident response plan, and each C-level executive’s particular role in the plan.

This is an ongoing process, and involves keeping abreast of emerging best practices, regulatory expectations and standards. It is also important to provide the C-suite with regular updates in relation to threats and the incident response plan.

Implement the correct tools

Providing the board with regular information security reports is often a time-consuming process due to the effort involved with collating and analysing all the relevant data. However, if the IT department has a data-centric endpoint security solution in place, the process can be simplified significantly.

Implementing comprehensive endpoint data protection software provides the IT department with visibility and control of the data stored across employees’ laptops and workstations, allowing IT to identify leaked data and security threats, and to respond to and remediate them rapidly.

The ultimate solution should update forensic information automatically whenever a machine is connected to the internet, providing insight into where and when data was created, if it has been changed or deleted, who has done it, and from where.

Armed with the information provided by an overarching data security strategy – via important tools such as endpoint data protection – the IT department can provide the board with regular updates on the organisation’s security posture.

Get the whole C-suite on board

Of course, one of the simplest ways to ensure that executives have all the data security information they require is by liaising with them on a regular basis.

Make sure all of the board members understand their role in the IT department’s incident response plan, and ask them if they have all the relevant information they need to make key decisions.

As long as you have the correct tools in place for analysis of threats to information security, packaging this data and presenting it to the board should be a simple and mutually beneficial process.

Sourced from Andy Hardy, EMEA MD, Code42
