Harmonizing the CIO and CISO Roles to Bolster Security
Today’s evolving attack surface calls for a closer alignment between the chief information officer and chief information security officer roles.
Security and compliance have only gained importance as each year passes. Amid today’s ever-changing security vulnerabilities, enterprises face a multitude of challenges and must ensure they have the right solutions to monitor and protect against attacks on valuable data. And as ransomware continues to plague organizations, many are also taking proactive steps to promote better security across their people. The CIO and the CISO are two critical roles that should evolve just as today’s threat landscape does.
Organizations should establish an effective relationship between the CIO and CISO roles to bolster protection. Alignment between the two roles is instrumental in driving security and compliance forward, and organizations should consider ways to harmonize these critical positions.
The success of the CIO and CISO relationship means operating as an interdependent team, focusing on a shared vision and roadmap where the CISO designs the strategy and company-level approach, and the CIO executes in support of the strategy. It’s also important to note that the two roles have evolved over the years, naturally resulting in this partnership.
1. Examining CIO and CISO Responsibilities
One way to develop a robust security and ransomware protection plan across an organization is to ensure the CIO and CISO work closely together to ensure organizations can meet compliance and promote better security hygiene.
Previously, the CISO was responsible for an organization’s security while the CIO managed technical innovation and implementation. However, the CISO should be responsible for looking into broader security threats in the market while the CIO handles tactical execution. These shared responsibilities ultimately create a closer-knit relationship to enhance security measures. Both roles certainly vary from organization to organization. For example, some CISOs may be responsible for frontline cyber-defense duties while others focus on oversight responsibilities. Depending on an organization’s size and industry, some CISOs may handle both.
At its core, the CISO role requires a solid understanding of technology, leadership, and management. They also need to understand the day-to-day business functions, working closely with industry regulators and board members, which has become more prevalent than ever.
Demands for the CIO role also continue to increase, with key focus areas including business insight, automation, and technical innovation to scale the business, which is becoming increasingly important in the age of generative AI. Before, the CIO role focused on system availability and simply “keeping the lights on,” but today, it’s looking into how best to unlock data for organizational and customer insights.
Maintaining a security-first posture involves reinspecting old processes and modernizing approaches to simplify operations, scale, and grow your technology stack. CIOs have always needed to look at digital transformation through this lens, ensuring that projects align with business goals while making the business more effective. Even in a small way, it’s of the utmost importance for CIOs.
2. Establishing Alignment in Today’s Attack Surface
Recent research found that 85% of organizations suffered at least one cyberattack in the last 12 months, compared to 76% in 2022. The results also showed that the roles closest to the challenges of cyber events — like the CIO and CISO — are often the least satisfied with the partnering between teams. In the face of ransomware specifically, both roles must strategize new methods of protection to save the organization from significant recovery costs, business disruption, and damaged reputation. Both roles should focus on working together to develop data recovery plans, including steps to take should a ransomware attack occur.
The innovation of global cybersecurity groups and the evolving cyber threat landscape will always be the most important. Generative AI only adds to the complexity of attacks, meaning that the CIO and CISO must work together to enhance the resiliency of the business and prepare for the inevitable attack.
Both roles face heightened responsibility for threat detection and resolution and ensuring effective security hygiene, which calls for a tight alignment between the CIO and CISO roles. Driving and maintaining security across all endpoints means that both should be looking at avenues that foster a culture of innovation and resiliency as the basis of everything they do. The CIO should also manage the organization’s technology infrastructure, ensuring smooth operations as the CISO focuses on protecting that infrastructure from cyber threats.
In today’s ransomware-heavy world, the CIO and CISO should look at initiatives that improve their business resiliency against threats, such as immutable and portable backups, to ensure data integrity in an attack. The CISO should be responsible for spearheading the security roadmap and vision, while the CIO ties in the technology component and validates the organization’s ability to execute it.
Despite their traditionally different focus areas, the CIO and CISO roles are deeply interconnected and play critical roles in protecting the organization. A healthy connection requires their work to be mutually dependent, and this starts with a focus on priority business outcomes rather than focusing on specific technologies. Striking a balance involves consistently discovering more collaboration opportunities as the attack surface and business priorities shift.
This article was reprinted by 数字化转型网 (www.szhzxw.cn) from INFORMATIONWEEK.COM; editing/translation: 宁檬树 of 数字化转型网.

