CISO as a Salesman: Win Support for Your Key Initiatives
Executive boards in the Financial Services, Healthcare and Higher Education industries each have different perspectives when it comes to information security. To win support for key security initiatives, CISOs must understand the nuances of what’s important within the industry and tune their strategies to align with the focus of the executive board.
Trust is critical within financial services. Selling security within the Financial Services industry remains difficult, but CISOs have the advantage of having the attention of the board, which understands risk and security concepts. To gain support for key initiatives:
- Build a strong case that shows planning and describes how the investment will be used
- Include details about the program
- Promote the use of security as a competitive advantage
- Emphasize that customers are sensitive to security breaches and want to do business with secure financial services firms
Lawsuits and the theft of medical records are top concerns in the Healthcare industry. If someone’s medical record is stolen, it’s not like a plastic credit card that can be replaced. The theft of medical records can cost the individual, the hospital, or a healthcare organization a significant amount of money. To win support for security initiatives:
- Use audits to show how logging or additional resources can empower you to do a better job
- Leverage healthcare compliance initiatives to implement strong security programs
Information security within the Higher Education industry is still evolving. Security leaders must establish credibility with leadership in order to gain support. Options include:
- Participate in industry award events, security forums and other external programs to increase visibility and gain credibility through peer endorsement
- Leverage audit findings
- Build a strong case that shows planning and describes how the investment will be used
- Include details about the program
Regardless of whether one is in financial services, healthcare or higher education, two themes universally apply:
- When approaching the board for funding for security, include an education component
- Take steps to change the behavior of visible “rogue employees” who are not following security practices. Employees who are getting away with something because of who they are impact the morale of employees across the business.