What Makes a Good CISO?

I get asked this question all the time: what makes a good CISO? The reality is that organizations are not able to address all of the risks in their environment. In today’s episode I go into detail on the 3 main questions a CISO needs to answer to ensure they are fully evaluating the proper risks and priorities.

It would cost way too much money to even try to address every vulnerability. This is why organizations need a CISO – someone who can assess the risks and create the strategies that ensure the correct priorities are being addressed at the right time.

Cybersecurity is not about firewalls or IBS’s – if we had to give a definition, it is all about understanding, managing and mitigating the risk of critical data being disclosed, altered or destroyed.

To break this down through the lens of a CISO you need answers to these 3 core questions:

  • What is the critical information and critical data?
  • What are the risks, threats and vulnerabilities?
  • What is the primary focus from the CIA triad – Confidentiality, Integrity and Availability?