Faced with such complexity, the information systems security manager can no longer be the sole guardian of the company's IT security. They must shift from being a soloist to a conductor in order to instill their vision of cybersecurity within the organization.
But then, how can teams be involved in this joint project? How can collaboration between different departments be encouraged? This article provides analysis and explanations.
The CISO is no longer solely responsible for corporate cybersecurity
Secure messaging platforms, CRM, online collaboration, cloud data storage... the corporate work environment has never been so connected.
This observation prompts us to rethink the role of the CISO. As noted in Gartner's report on cybersecurity trends for 2022, the CISO is no longer able to manage all cybersecurity issues within the company on their own. According to the report, cybersecurity management is becoming decentralized within companies and now requires the involvement of different departments in order to ensure consistent cybersecurity requirements.
This may involve:
- training employees on cyber risks;
- the use of appropriate protective equipment;
- Strengthening collaboration between the CISO and departments by appointing an ISS representative in each team.
The goal? To develop a mutual understanding of cybersecurity issues within the company. This allows representatives to share their operational constraints in applying best cyber practices, and gives the CISO a comprehensive overview of how the company operates.
While this strategy works on paper, it still needs to be adapted to suit different teams and collaboration contexts.
The executive committee
With the upcoming implementation of the new NIS 2 directive, responsibility for the proper implementation of cybersecurity requirements now rests in part with company management.
As a result, the CISO must work more closely with the executive committee (COMEX) to integrate cybersecurity into the company's governance strategy.
This collaboration aims to ensure a common understanding of the risks and protective measures that need to be implemented at all levels of the organization.
Human resources
The CISO and human resources must work together, particularly when it comes to managing access rights related to staff movements. And with good reason: HR is responsible for tracking employee arrivals and departures, which has a direct impact on managing access to company data.
By notifying the SSI team, this cooperation ensures that new employees are given only the access rights strictly necessary for their role and that the access rights of departing employees are deactivated to avoid any security risks.
Purchasing Department and Business Teams
Collaboration between the CISO, the Purchasing Department, and business teams ensures the security of the supply chain.
Business teams must provide CISOs with detailed information about ongoing projects and the suppliers with whom they collaborate.
By applying a notification period for equipment maintenance by a subcontractor, the SSI team will be able, for example, to interpret any alerts related to teams connecting to the company's internal network in a differentiated manner.
This collaboration not only reinforces the SSI vision within the company, but also prevents remedial actions from being launched by mistake due to a lack of information.
Communications Department
The CISO needs to collaborate with the Communications department, particularly in the context of cybersecurity awareness initiatives within the company or crisis management.
Together, they develop and roll out tailored communication campaigns. It is therefore advisable for the CISO to identify the software solutions used by the communications team as early as possible and to raise awareness among team members about crisis management.
How Tenacy helps you collaborate effectively with your teams
Clear explanations of your requirements to your employees
In order for employees to understand exactly what is required of them, the CISO must be able to provide clear and detailed instructions.
The Tenacy platform enables the CISO to communicate effectively with the company's various information security officers, distinguishing between "pilots," who oversee the management of the solution, and "contributors," who are assigned to enter specific data.
The new interface provides contributors with more information, enabling them to understand exactly what is expected of them, particularly in terms of ISO 27001 compliance and risk management.
Traceability of operations
Communicating with other departments also requires the CISO to ensure the traceability of operations. This involves knowing what was sent, to whom, when, and why.
To meet this need, Tenacy has features that allow notifications and alerts to be sent to contributors. This component facilitates communication and ensures that every action is recorded and traceable, thereby improving the transparency and efficiency of cybersecurity management within the company.
A single format for your requests
CISOs often encounter problems when collecting information. They receive data in different formats, such as Excel spreadsheets or emails, particularly from HR departments regarding information about new employees. This situation creates an excessive workload in terms of consolidating and standardizing information.
Tenacy offers a unique, standardized format for collecting information that can be used by all employees. This greatly facilitates the CISO's task by centralizing data and ensuring its consistency, enabling more effective and consistent security risk analysis and management within the organization.
The essentials
In the field of cybersecurity, the proverb "unity is strength" takes on its full meaning here. Between collective intelligence and acculturation to cybersecurity issues, the CISO must involve employees in this joint project.
As a result, interdepartmental collaboration is essential for identifying, assessing, and mitigating security risks. To facilitate this collaboration and improve traceability and risk management, the Tenacy platform offers an integrated solution. This solution standardizes and centralizes data, making cybersecurity more accessible and understandable for all employees.
To find out how Tenacy can strengthen your company's security posture, contact our experts now!
