What CISOs prioritize in order to improve cybersecurity practices>
Help Net Security
In a new study by the The Financial Services Information Sharing and Analysis Center (FS-ISAC), CISOs weighed in on the most critical cyber-defense methods, frequency of cyber-preparedness reporting to their respective boards of directors as well as the current cyber chain of command within their respective financial organizations. CISOs surveyed were split on their top priorities for securing their organizations against cyberattacks. 35 percent of CISOs surveyed said that employee training is a top priority for improving security posture in the financial sector. Infrastructure upgrades and network defense are also prioritized by 25 percent of CISOs; and breach prevention by 17 percent. CISOs reporting into a technical function like CIO prioritize infrastructure upgrades, network defense and breach prevention. CISOs reporting into a non-technical function like the COO or the General Counsel prioritize employee training. The study found that quarterly reports to the board of directors were most common (53 percent) with some CISOs (eight percent) reporting more than four times a year or even on a monthly basis. The study found that the majority of CISOs donât report to the CEO; the top cyber chain of command is more likely to be the CIO; followed by CRO and then COO. The study found that the majority of CISOs donât report to the CEO; the top cyber chain of command is more likely to be the CIO; followed by CRO and then COO.
Link: https://www.helpnetsecurity.com/2018/02/13/what-cisos-prioritize/