A company's information system is a constantly evolving environment. Between the diversity of uses (telecommuting, BYOD, IoT...) and the plurality of infrastructures (on-premise, hybrid, full cloud), the company must involve all its employees in order to reinforce its cybersecurity posture.

Faced with so much complexity, the information systems security manager can no longer be the paragon of corporate IT security. Instead, he or she must move from soloist to orchestra conductor, in order to instill his or her vision of cybersecurity throughout the organization.

But how do you involve your teams in this joint project? How do you encourage collaboration between different departments? Find out more in this article.

The CISO is no longer solely responsible for corporate cybersecurity

Secure messaging platforms, CRM, online collaboration, data storage in the cloud... the corporate work environment has never been so connected.

This observation is prompting us to rethink the role of the CISO. As Gartner's report on cybersecurity trends in 2022 reminds us, the CISO is no longer in a position to single-handedly manage all cybersecurity issues within a company. According to the report, cybersecurity management is becoming decentralized within companies, and now requires the involvement of different departments to ensure that cybersecurity requirements are harmonized.

This may involve:

  • training employees in cyber risks;
  • the use of appropriate protection tools;
  • closer collaboration between the CISO and the departments, by appointing a CISO referent in each team.

The aim? To develop a mutual understanding of cybersecurity issues within the company. Referents share the operational constraints they face in applying cyber best practices, and the CISO acquires a global vision of the company's operations.

While this strategy works on paper, it needs to be adapted to suit each team and each collaboration context.

The Executive Committee

With the forthcoming application of the new NIS 2 directive, responsibility for the proper implementation of cybersecurity requirements will now be placed partly on company management.

As a result, the CISO needs to work more closely with the executive committee (COMEX) to integrate cybersecurity into the company's governance strategy.

This collaboration aims to ensure a common understanding of the risks and the necessary protective measures to be deployed at all levels of the organization.

Human resources

CISOs and human resources need to work together, particularly when it comes to managing access rights linked to staff movements. And with good reason: HR is responsible for monitoring employee arrivals and departures, which has a direct impact on the management of access to company data.

Because the information security team is notified of these movements, this cooperation ensures that new employees are granted only the access strictly necessary for their function, and that outgoing employees' access is deactivated to avoid any security risks.

Purchasing Department and Business Teams

Collaboration between the CISO and the Purchasing department and business teams ensures supply chain security.

Business teams need to provide CISOs with detailed information on current projects and the suppliers they work with.

For example, knowing the time frame set for a subcontractor's maintenance of a piece of equipment, the information security team will be able to interpret differently any alerts linked to the teams' connections to the company's internal network.

This collaboration not only strengthens the company's view of information systems security, but also prevents remediation actions from being launched by mistake or due to a lack of information.

Communication Department

The CISO needs to work closely with the Communications department, particularly when it comes to raising awareness of cybersecurity within the company or crisis management.

Together, they develop and deploy appropriate communication campaigns. It is therefore advisable for the CISO to identify the software solutions used by the communications team as early as possible, and to raise awareness of crisis management among team members.

How Tenacy helps you collaborate effectively with your teams

Clearly explain your needs to your employees

To ensure that employees understand exactly what is required of them, the CISO must be able to provide clear, detailed instructions.

The Tenacy platform enables the CISO to communicate effectively with the company's various IS managers, distinguishing between "pilots", who oversee the management of the solution, and "contributors", assigned to input specific data.

The new interface provides contributors with more information, enabling them to understand exactly what is expected of them, particularly in terms of ISO 27001 compliance or risk management.

Traceability of operations

Communicating with other departments also means ensuring traceability of operations. This means knowing what has been sent, to whom, when and why.

To meet this need, Tenacy includes functions for sending notifications and alerts to contributors. This component facilitates communication and ensures that every action is recorded and traceable, improving the transparency and efficiency of cybersecurity management within the company.

A single format for your requests

CISOs often encounter problems when collecting information. They receive data in different formats, such as Excel spreadsheets or emails, particularly from HR departments concerning information on new employees. This creates a huge workload in terms of consolidating and standardizing information.

Tenacy offers a single, standard format for collecting information, which can be used by all employees. This greatly facilitates the CISO's task of centralizing data and ensuring its uniformity, enabling more effective and consistent analysis and management of security risks throughout the organization.

The essentials

In the field of cybersecurity, the proverb "unity is strength" takes on its full meaning. Between collective intelligence and acculturation to cybersecurity issues, the CISO has a duty to involve employees in this joint project.

As a result, interdepartmental collaboration becomes essential to identify, assess and mitigate security risks. To facilitate this collaboration and improve traceability and risk management, the Tenacy platform offers an integrated solution. This allows data to be standardized and centralized, making cybersecurity more accessible and understandable for all employees.

To find out how Tenacy can strengthen your company's security posture, contact our experts today!