On several occasions this week and last week CISOs came together to talk about their role in their organisation and share knowledge during cross-sectoral intervision groups.
On Wednesday 6 October and Thursday 14 October two of the eight HSD CISO Intervision groups met in person at the HSD Campus, after a long period of online sessions since Covid. The theme chosen was the human factor: how to get from awareness to action. Supported by a presentation by Accenture's Helen Schedeler and Maurits van Heusden, a lively discussion covered CEOs at the airport, repeat victims and everything in between. The common theme was positive behavioural change. One thing was clear: a negative approach doesn't work. Rewarding colleagues when they do report their mistakes will help your security level a lot more.
Cross-sectoral intervision meetings
In 2018 HSD Office started setting up cross-sectoral intervision meetings for Chief Information Security Officers (CISOs). At this moment there are eight groups, and new groups will be formed. Meeting the same people builds the trust necessary to share and learn from each other. During these intervision meetings, CISOs from different sectors (such as the banking, governmental, greenhouse horticulture, energy and multinational sectors) exchange knowledge and ideas and discuss solutions for IT security and the challenges of their role as CISO.
These meetings are organised several times a year. The format is always the same: a small group of CISOs comes together in a confidential setting, without product providers. Once a year HSD organises a CISO network afternoon where the participants of the different groups meet each other and other interested CISOs or CIOs. The CISOs look cross-sectorally for resilient cyber strategies to minimize the impact of cyberattacks. The role of CISOs is becoming more important than ever in a world where the frequency of threats is increasing. Well-developed future strategies for protection and security are necessary when it gets hard to keep up with the advancing attacks and methods of attackers.
Role of the CISO getting bigger
The role of CISOs is getting bigger and they need to be more visible, HSD director Joris den Bruinen pointed out at the online Gartner-Evanta Benelux CISO summit on 5 October 2021: to create a broader support base within their organisation, to involve the chain and to convince the board of their insights and viewpoints. According to Den Bruinen, CISOs need to work on Predict, Prevent and Detect, but even more so on Response, and therefore need to have fallback scenarios for working without their default ICT systems for a longer period of time. Holding annual cyber security exercises could also be one of the methods.
A CISO has an independent role and gives objective advice about information security and cyber resilience, preferably from the heart of the organisation, thereby establishing a bridge between processes and people. By being proactive and aligning with the expertise of colleagues, CISOs can involve their colleagues in cyber security. Through involvement, CISOs can let their colleagues and line managers think about cyber security themselves, by creating a decision-making board in which they seriously weigh the advice, risks and (business) goals.
HSD wrote down the lessons learned in a white paper, ‘towards a robust cyber security’. The conclusions in the whitepaper are twofold:
- Almost all CISOs deal with the same questions: how do you get enough time, money, talent and commitment from the board?
- The robustness of many organisations needs extra attention. A total blackout of IT is conceivable, as ransomware attacks keep showing us. So, this total blackout should be part of your Business Continuity Plan. More generally, cyber security should align more with the core business and the board should be more conscious of the importance of cyber security, robustness and resilience.
Like to know more about this whitepaper? Go and check the whitepaper out now!
More information and joining a CISO session
Are you a CISO and interested in joining one of the CISO sessions to share your expertise?
The next CISO network meeting will take place at HSD on 23 November 2021; this will be a mini-symposium.
More details about this symposium will be announced at the beginning of November.
For all the other meetings, check the HSD Calendar.
Or please contact email@example.com.