Cybersecurity is all very well. But it's not enough. Now you have to know how to manage it.
Consider a general practitioner. Even if his role is primarily to treat his patients, he must also schedule appointments, check blood tests, write prescriptions...
The same applies to cyber managers. In addition to preventing and resolving security incidents, they have to juggle :
- implement action plans (BCP, DRP, etc.) ;
- report on policies implemented ;
- ensure compliance with applicable cyber regulations;
- communicate with internal users on cyber issues and best practices.
That's why we prefer to talk about management of cybersecurity: the aim is to put in place a comprehensive strategy, combining technical tools and human support.
Successful CISOs don't use magic, they use a method. And that's what this white paper is all about.