In the eyes of executive management, security breaches have a low impact, but nothing could be further from the truth. In fact, a breach is a matter not of if, but of when.

The expertise needed to mitigate breaches is usually in the hands of the CISO, and rightfully so. The CIO, however, can have a huge impact and be the perfect “partner in crime” if given the opportunity.

JC Gaillard believes that, in order to be successful, the CIO needs to send the right messages in three directions: upwards, downwards and sideways. JC’s latest article explains this concept and is summarized below:

Managing Upwards: How To Involve Board Members On Information Security Matters

Avoiding security breaches, or dealing with them, requires coherent action over time – across the whole organization. For this to be successful, each party involved (business units, HR, Legal and IT) needs to have a clear understanding of its role and remit.

A medium to long-term strategy and a solid cross-silo governance model are essential for information security.

The first challenge of the CIO is to drive this message upwards to the board of directors and its members.

Managing Downwards: How Do You Close The Gap Between Security And IT?

The reporting line of the CISO is also essential, and the lack of cultural fit between security and IT is a key element in that respect. With the right seniority and profile, and placed at the right point in the CIO’s organization, the CISO, who should naturally navigate across corporate silos, can be a very powerful political ally for the CIO.

Managing Sideways: How Do CIOs Lead Themselves To Success?

CIOs must remain in control of their own priorities over the medium to long term. The CIO also needs to manage the relationship with auditors firmly and intelligently.

The CIO must ensure that auditors are aware of the broader control agenda set by executive management and work within it. The CIO must also have the confidence to push back on any arbitrary audit issues that do not fit within that broader control agenda, should any be raised.

For more information on governance management for the CIO, see the full article.




Three-Dimensional Governance for the CIO
