
How can the CISO be everywhere?

Because protecting a company means knowing every nook and cranny and all its external connections, an effective security policy relies on meticulous mapping of the areas to be covered. In practice, however, monitoring all spaces and aggregating information is an ambitious task. The levers for achieving this are technical, organizational, and human.

October 10, 2022

Organization, one of the cornerstones of cybersecurity

Cybersecurity is a cross-functional issue, requiring both control over what is happening in all areas of the company's activities and an overview of the whole picture. When chosen wisely, tools and processes are the CISO's best allies.

Establish a catalog of solutions

What tools can the CISO rely on from day to day? The ANSSI's IT hygiene guide undoubtedly provides an excellent starting point for identifying the tools needed to achieve a "standard" or even "enhanced" level of security.

On this basis, the CISO can select the most relevant tools to implement in each of the areas under their protection:

  • scoring tools (such as SecurityScorecard or BitSight) for subsidiaries;
  • a tool for assessing the maturity of service providers in terms of cybersecurity management (such as Cybervadis);
  • e-learning and testing for employees...

Regardless of the tools chosen, creating a comprehensive catalog of solutions has the advantage of harmonizing solutions within the company. By presenting itself as a "recipe" to follow, it also encourages buy-in from all stakeholders, especially those whose interests may be conflicting.

Designing processes and focusing on collaboration

Knowing everything about everything: this is one of the primary requirements of the CISO, who must constantly stay informed about what the teams are doing. This necessarily involves implementing processes such as keeping the supplier directory up to date and providing real-time information to the CISO.

However, is information alone enough? The answer is no! To quote the first piece of advice given in the 2021 edition of the CEIDIG guide "The essentials of digital security for managers," security is "much simpler and more effective when it is implemented from the outset of projects."

It is therefore up to the CISO to be proactive and intervene as early as possible, seeking to establish fruitful collaboration with all departments (legal and HR, of course, but also business units). For example, the CISO has a key role to play in the supplier selection process: this is the best way to weed out providers that do not meet requirements and to ensure a consistent level of security across the entire area to be protected.

Support: an essential lever for protecting the company

Tools and processes are good, but getting people to adopt them is even better! Cybersecurity is everyone's business within organizations, and its effectiveness depends more than ever on the human support available to the CISO. However, the support and goodwill of employees must be earned...

Employees are both a threat and an opportunity

Unsurprisingly, each employee represents a gateway to the information system, with serious consequences for the company in the event of negligence or human error (business disruption, damage to reputation, etc.).

According to an IFOP survey published in November 2019 at the request of IDECSI ("Employees and data security at work"), 47% of employees have already been victims of phishing. In addition, 34% have access to, store, or share sensitive or confidential documents (accounting data, personal documents, etc.).

At the same time, teams are expressing concern about cybersecurity and their need for support. The survey reveals that 25% of employees do not use certain IT tools for fear of security or confidentiality issues. Furthermore, 86% of employees believe that managing professional data security on an individual level would limit the risk of hacking within the company.

Solutions for instilling a culture of cybersecurity

While the CISO cannot be everywhere, they can create points of contact with employees to encourage them to play a role in protecting the organization. As a first step, why not start by setting up a security desk where employees can report suspicious information or get answers to their questions?

Beyond raising awareness, employees need resources and tools that are intuitive, easy to learn, and easy to use. When it comes to phishing attempts, for example, a simple and effective solution is to integrate a plug-in into email accounts so that anyone can immediately report any suspicious emails.

