The average tenure of a CISO is just 26 months due to high stress and burnout, according to a recent ZDNet report by Catalin Cimpanu that summarises the results of a survey undertaken by Nominet.
Chief Information Security Officers (CISOs, or CSOs) across the industry are reporting high levels of stress; 88% of CISOs reported being “moderately or tremendously stressed”.
Today, many companies are adopting CISO roles. The constant threat of hacks, ransomware, phishing, and online scams makes establishing a cyber-security department in any company an unavoidable decision. However, most companies are not ready to embed CISOs into their company culture and day-to-day operations.
CISO jobs come with low budgets, long working hours, a lack of power on executive boards, and a diminishing pool of trained professionals to hire. They also bring the constant stress of not having done enough to secure the company’s infrastructure against cyber-attacks, continuous pressure from newly arising threats, and little thanks for good work done but all the blame if everything goes wrong.
The typical responsibilities of a CISO post include:
- Protect Business Assets
- Manage Business Risk
- Ensure Efficient Spending & Return on Investment
- Deliver Security Services & Controls
- Develop & Deliver Reporting
- Comply with Regulation, Standards & Policies
- Attract, Engage & Retain Expertise
- Strategy, Planning & Horizon Scanning
These responsibilities are clearly burdensome.
Setting expectations and starting to execute a reasoned approach are vital actions in the first 100 days, and this article gives an example of such an approach: BASIL’s way (Basic Approach to Security Incident Limitation)!
[1] Discover the Enterprise’s Data Crown Jewels
[2] Determine who accesses these and how
[3] Redesign the IT Architecture to better protect the Data Crown Jewels
[4] Present a plan for the changes necessary
[5] Set performance goals so the CISO role and the Enterprise’s risk can be assessed
[6] Repeat after 18 months!
Executing this approach is still difficult, but it is logical and will hopefully relieve some of the stress. Basil Philipsz would be pleased to provide a document that is a more detailed guide to help deliver this approach.