Today, enterprise organizations worldwide face a growing range of cyber security threats. From speaking with a number of leading CISOs, we know many view their peers as valuable and important resources in the fight against cyber attacks because they have challenges and adversaries in common.
In a CIO article , Jim Motes, contributor to our CISO View research report, advocates for stronger collaboration among information security leaders to help stem the current cyber security talent shortage while better protecting corporate networks. Many CISOs we speak to believe that sharing experience, observations, predictions and solutions with peers is absolutely critical. This is often easier said than done in a world of overbooked schedules.
This is why CISOs have responded positively to the report, “The Balancing Act: The CISO View on Improving Privileged Access Controls,” commenting the report is like “getting a bunch of ace CISOs together and picking their brains – all without ever leaving the office.”
The research addresses the elements that facilitate security initiatives – details based on hard-won experiences of security professionals. Your organization is not alone in its challenges, even the best managed organizations have a range of issues to address including cultural resistance to change. This group of change-agent CISOs has made things happen even when the realities of legacy systems, processes and personalities were messy. By learning from their experiences, you can too.
I’ve been impressed by how candid the contributing team of CISOs have been. It’s my hope that their pragmatic, real-world stories will help you plan and hone your security programs. I encourage you to download and read the full report. But in the meantime, here is more food for thought:
- Improving privileged access controls is a balancing act between restricting and enabling access. There are options available for an effective strategy.
- A team with the right blend of hard and soft skills is a key ingredient in improving privileged access controls. Influencing and educating people is a critical job, and to do that, the security team needs to rely on members who are good with both technology and with people.
- Metrics are essential for evaluating the need for improvements, and then later, measuring the effectiveness of controls and the impact on the business. The report provides specific recommendations on what metrics to gather and how to best use them.
We are proud to support the CISO View initiative and are grateful to the group of CISOs who made this initiative possible. By sharing their insights, the members of the panel are helping the larger community improve privileged access controls.