 |
 |
|
 |
|
 |
|
|
|
||
|
||
|
|
Embedding Information Security Risk Management into the Extended Enterprise
A Workshop on Developing a Secure Organization CISO imperatives for the next 12-18 months, based on the findings of the CDS-I3P workshop. |
 | ||
 |
||
 |
|||||
|
 |
|
Workshop Proceedings PDF (322K)
Press Release
Agenda
Discussion Guide
List of Panelists and Participants
|
|
|
 |
|||||
|
|||||
In this workshop, CISOs from Fortune 500 firms gathered to debate the challenges of organizing for security (see the Workshop Proceedings for more detail). The objective was to go beyond understanding best practice to develop an action plan for the next 12-18 months. The group concluded that the top six imperatives for CISOs to enable security transformation are:
- Metrics:
- Develop composite metrics that are simple to understand and are clearly linked to the business.
- Increase benchmarking activities both within and across industries.
- Align information security initiatives with the company's strategic goals.
- Help business partners understand the risk and business case for security as an integrated part of the extended enterprise.
- Inculcate information security into the DNA of the organization.
- Develop and find security talent that can understand the business and communicate the business case for security.
|
|
 |
Embedding Information Security into the Organization, Security & Privacy Magazine, IEEE |
|
|
|
"Building the Security-to-Business Bridge" - ISTS Quarterly |
|
|
|
"Fortune 500 executives report they need better tools to measure the benefits of cyber security" - press release |
|
|
|
I3P - The Institute for Information Infrastructure Protection |
|
|
|
"Information Security and Privacy: At Odds with Speed and Collaboration?" - a Thought Leadership Summit on Digital Strategies |
|
|
|
Center for Digital Strategies' Information Security Project |
|
|
