The average tenure of a CISO is just 26 months due to high stress and burnout, according to a recent ZDNet report by Catalin Cimpanu that summarises the results of a survey undertaken by Nominet.
Chief Information Security Officers (CISOs, or CSOs) across the industry are reporting high levels of stress; 88% of CISOs reported being “moderately or tremendously stressed”.
Today, many companies are adopting CISO roles. The constant threat of hacks, ransomware, phishing, and online scams makes establishing a cyber-security department in any company an unavoidable decision. However, most companies are not ready to embed CISOs into their company culture and day-to-day operations.
CISO jobs come with low budgets, long working hours, a lack of power on executive boards, and a diminishing pool of trained professionals to hire. They also bring the constant stress of not having done enough to secure the company’s infrastructure against cyber-attacks, continuous pressure from newly arising threats, and little thanks for good work done but all the blame if everything goes wrong.
The typical responsibilities of a CISO post are clearly burdensome. They include:
- Protect Business Assets
- Manage Business Risk
- Ensure Efficient Spending & Return on Investment
- Deliver Security Services & Controls
- Develop & Deliver Reporting
- Comply with Regulation, Standards & Policies
- Attract, Engage & Retain Expertise
- Strategy, Planning & Horizon Scanning
Setting expectations and starting to execute a reasoned approach are vital actions in the first 100 days, and this article gives an example of such an approach: BASIL’s way (Basic Approach to Security Incident Limitation)!
- Discover the Enterprise’s Data Crown Jewels
- Determine who accesses these and how
- Redesign the IT Architecture to better protect the Data Crown Jewels
- Present a plan for the changes necessary
- Set performance goals so the CISO role and the Enterprise’s risk can be assessed
- Repeat after 18 months!
Executing this approach is still difficult, but it is logical and will hopefully relieve some of the stress. Basil Philipsz would be pleased to provide a more detailed guide to help deliver this approach.