Every organization is led by people who are responsible for setting the overall direction, establishing priorities, maintaining influence over organizational functions and mitigating risks. Given the wide range of organizational types across industry sectors, the titles associated with these roles may vary greatly from CEO to Managing Director to Owner-Operator and beyond, but they share common traits.
They are the most senior leaders, or they directly support strategic decision makers. They likely have fiduciary responsibility and budget authority. They may even be owners of the business themselves. Whatever the specifics, these are the leaders who are held accountable for the organization’s well-being and performance. And in today’s world, cybersecurity is among their chief concerns.
As noted in the recently published guidebook, Cybersecurity is Everyone’s Job (a publication of the Workforce Management subgroup of the National Initiative for Cybersecurity Education (NICE)), these leaders have a specific role to play in their respective organization’s cybersecurity posture, with responsibilities that include:
- Managing and mitigating overall cyber-related business risks,
- Establishing effective governance controls,
- Prioritizing and resourcing cybersecurity programs,
- Safeguarding the sensitive information they rely on for planning and decision making, and
- Establishing a cyber-secure culture within the organization.
These are the primary ways that senior leaders influence the cybersecurity posture of their organization.
But fulfilling these responsibilities is not easy, particularly since cybersecurity is just one of many concerns they must address each day. To simplify the task, the guidebook provides a list of practical steps each leader can take.
To begin with, leaders must understand cybersecurity basics and best practices well enough to enable sound decision making. They do not need to become technical experts themselves—these roles are typically delegated or outsourced—but they do need to have a generalist’s understanding of the field, much as they must understand the basics of sales, marketing,
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Maurice Uenuma. Read the original post at: https://www.tripwire.com/state-of-security/risk-based-security-for-executives/cybersecurity-is-every-leaders-job/