GOVERNMENT CIO OUTLOOK, APRIL - 2023

IN MY OPINION

A CISO POINT OF VIEW

By Marcelo Peredo, Chief Information Security Officer, City of San José

"We need to acknowledge and sympathize with the individuals that are under constant pressure from Cybersecurity demands"

Building a Cybersecurity program from the ground up requires the adoption of an existing framework such as NIST, COBIT, ISO, etc. This adoption will speed up the process of building all the layers of protection that were developed and tested by many organizations for long periods of time. The goal is to make the organization resilient. Of course, along the way, the layers of protection will prevent the majority of incidents, but eventually, sloppy Information Technology practices or events of nature will lead to a disaster. A seasoned CISO realizes that no matter how much effort and resources are put into all the layers of protection, eventually, the need to recover to a healthy state is the most important layer and prepares for it.

The challenge is on! CISOs across all industries, including Government, are in the middle of implementing, maturing, replacing, testing, and monitoring security layers with varying success levels. A successful program depends on budget, people, technology, and skill. When people say "Cybersecurity is hard," it is because typically, it is not well funded, poorly staffed, using immature technology, or is riddled by a strong skill shortage. For the past 30 years of my career, I have been part of this challenge, and it seems that, so far, there is no fundamental change in the industry to disrupt what we have been doing for so long. If we will be doing the same thing for the foreseeable future, can we do it more gracefully? I believe that there is one ingredient that is missing in this massive challenge: sympathy for the impacted people.

Let me begin with the Cybersecurity staff. They are asked to become business oriented, understand business objectives, strengthen the reputation of the organization, and build customer trust. They are asked to be on top of the latest technology, to be part of a team with the right mix of technical skills, to develop a solid set of security management skills, to adhere to a well-defined framework, and to have a solid understanding of the organization's mission and goals. Bottom line, we are asking a lot from Cybersecurity staff.

Other technology staff are stressed out because we ask them to apply more rigor to their practices. In the past, falling slightly behind on patches or larger versions