fbpx
ShadowKat Logo

The Role of Executive Leadership in Cybersecurity

·

Cybersecurity is an incredibly complex topic.  Even the most brilliant minds will not understand a lot of it unless they spend a lot of time learning about the topic.  Executives do not have that luxury and must depend on their mid to lower-level managers.  Yet those managers are often not in a place of power to effect change.  In other cases, those managers may resist doing the right thing because it causes them extra effort, or the requirements are difficult to implement.  Leaders need a way of understanding where they stand in the way of risk so that they can figure out where they want to invest and improve their data security practice.

When conflicts between Infrastructure Teams, Development, DevOps, and Security occur, how do they get resolved?  It all starts with having a good system for tracking KPI’s (Key Performance Indicators). 

KPI’s play a critical role because they help the executive to see the issues regardless of what department managers have to say.  Having accurate and up to data KPI’s are a challenge.  In many cases these KPI’s are built in excel and can be easily modified and misconstrued.  System generated data is usually a better approach. 

The Executive’s role is first to decide how big of a role security needs to play in their business.  How critical is it?  The needs can be drastically different depending on the type of business.  For example, an oil change franchise will be much different than a hospital group.  The executive needs to understand their appetite for risk.

After understanding the tolerance for risk, the executive should implement a culture that is appropriate for level of risk they are willing to tolerate.  Why is culture important?  Culture plays a critical role.  Take the previous example in this article where there is a disagreement between departments on how to address a particular issue.  If you have a culture that has an extremely low tolerance for risk, then this will help to govern the conflict.  In this case, even though a solution might cost a lot and require a lot of work, it still may make sense to implement.  On the other hand, the opposite may be true if cybersecurity isn’t one of the organizations prioritized goals.

In the case where security is a priority, executives should require the management team to builds security program with KPI’s.  These KPI’s should be reviewed by executive leadership and the management teams on a routine basis.  This can allow your program to improve and grow over time.    

As mentioned before, when producing these KPI’s there are many ways to fudge numbers and make your progress look better or worse than what they really are.  Therefore, it can be valuable to have a third party come in an audit that process.  When it comes to security, department managers tend to not agree.  This is also where a third party can help to set a level playing field.

Facebook
Twitter
LinkedIn
John Survant
John Survant
John Survant has been an Information Technology Manager for over 20 years and has extensive background in cybersecurity, compliance, and network infrastructure. He has achieved several highly regarded network security certifications: CISSP, HCISPP, CEH, ECSA, CCNP, MCSE, and several Splunk and F5 Certifications. Mr. Survant also obtained a Master of Business Administration from the UK-UofL Executive MBA program, Class of 2018.
Follow us
Facebook Twitter Linkedin Instagram
Subscribe to our News Letter
Latest posts
What they say
"60% of data breaches are caused by a failure to patch. If you correct that, you've eliminated 60% of breaches. And I didn't even have to say AI or Blockchain! See how that works?"
Ricardo LafosseCISO of Morningstar
"Just the process of doing a risk assessment changes the culture. People now realize, 'Oh, I do have something that's worthy enough,' [of a cyberattack] just by going through those risk assessments. We flipped the model around. We focused first on what you are doing well that we want you to keep doing. And in places that they may not be doing so well we said you're not really hitting best practice, let us help you get there. So that was a big, big change right off the bat on how people looked at our group."”
David SherryCISO of Princeton University
“We believe the customer should be in control of their own information. You might like these so-called free services, but we don’t think they’re worth having your email, your search history and now even your family photos data mined and sold off for god knows what advertising purpose. And we think some day, customers will see this for what it is.”
Tim CookCEO of Apple

Our philosophy is that cybersecurity is a “No Fail” mission, and so our goal is to provide the insight and solutions that ensure our customers are protected against cybersecurity crime, because the future of their business absolutely depends on it!

Facebook Twitter Instagram Linkedin
Tampa Bay

501 East Kennedy Blvd.
Suite 650
Tampa, FL 33609

sales@shadowkat.com +1.813.509.2354

Have A Question?

We want to hear from you! Click below to send us a message and we will get back with you ASAP.


Contact Us

Copyright © 3W Security 2022. All rights reserved.