The Seventh Question Today’s CEOs Should Ask (& Know the Answer To)

Share and earn Cybytes
Facebook Twitter Google+ LinkedIn Email

In a previous blog, we discussed Commander’s Intent for CEOs and introduced 10 questions CEOs should be asking their teams.

In this blog series, I am going to take a deeper dive into each question and break them down one at a time. We will discuss why CEOs should care about each question and the type of answers teams should be providing.

This week we tackle a tough question:

Are we compliant?

For the purposes of this blog, I am going to speak only of cybersecurity/privacy regulations. I am already assuming that you, as the CEO of the organization, are aware of the applicable cybersecurity regulations for your industry. (If you aren’t, I would call outside legal counsel immediately.)

All joking aside, in regards to cybersecurity, being compliant with an applicable regulation (i.e. PCI, HIPAA, GDPR ) does not necessarily mean being “secure.” However, it is a great measure of overall maturity for your organization and the functions that support compliance.

Think of compliance as the price of doing business. Compliance with applicable regulations, when done correctly, can benefit security. Being compliant means having appropriate controls in place (per regulation) that can be audited to an external, third party’s satisfaction. It should also establish metrics for the compliance controls. Internal and external resources are responsible for ensuring compliance and security controls exist and are managed. The frequency of these audits vary but a second set of eyes on controls never hurts. While this does not equal being secure, it can benefit the security of your organization when the two functions work together and strategically.

Remender, as the CEO you are creating the culture in your organization. A culture of compliance will ensure your organization is able to avoid fines and, in some cases, continue to do business. Compliance efforts benefit your overall security program. My biggest piece of advice for CEOs as it relates to compliance and security is to ensure the two functions work together strategically. When the two programs are managed as two fiefdoms that don’t often interact, the relationship can become strained or, in the worst cases, adversarial.

One of my best friends in the industry is a rock star at compliance. When we worked together, making sure we were strategically aligned allowed for both our groups accomplish their mission and ensured that resources and projects were done in an order that benefited both functions. This partnership gave us the unique ability to walk into a room together and represent managing risk as one. In the end, both of us didn’t have to be in the room to ensure that both compliance and security were represented in strategic discussions. Build synergy among these functions and you should be in the right spot.

Asking this question should lead to other discussions such as budgets, resourcing, and appropriate strategic efforts. Remember. compliance, much like cybersecurity, should be seen as a strategic corporate enabler and managed appropriately.

In some organizations there can be a negative association with compliance in regards to cybersecurity. The failure of some organizations is to stop at “checking the checkbox” or doing the bare minimum required to satisfy an external third party. As we have previously discussed, attackers move faster than legislative or regulatory bodies ever can.

When it comes to compliance, stopping at the bare minimum may result in passing audits but it may also mean getting breached. It is important to be compliant but it’s more important is to establish a program that manages both compliance and cybersecurity concurrently. This approach will help save time money and resources.

The post The Seventh Question Today’s CEOs Should Ask (& Know the Answer To) appeared first on Carbon Black.

Share this post and earn Cybytes
Facebook Twitter Google+ LinkedIn Email
About Carbon Black, Inc.
Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, Cb Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. Cb Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.
Promoted Content
7 Experts on Moving to a Cloud-Based Endpoint Security Platform
Everyday companies put more of their assets in digital form. Healthcare records, retail purchases and personnel files are just some of the many examples of how our entire lives have moved online. While this makes our interconnected lives more convenient, it also makes them more vulnerable to attack. The monetary benefits of exploiting these vulnerabilities have created an extremely profitable underground economy; one that mimics the same one we all participate in and has led to an increase in the sophistication and frequency of attacks. At the same time, mobility and cloud are changing the security landscape. We’ve moved from a centralized to a decentralized model as end users increasingly work on-the-go and access critical business applications and resources from anywhere. As such there is more emphasis on the endpoint and individual identities - from both the defender and the attacker - than ever before. As endpoints become smarter, new challenges emerge: emerging ransomware and 0-day exploits infect all kinds of systems with ease, while many attackers use no malware at all to accomplish their malicious goals. With all this change, we spoke to 7 leading security experts to identify what’s working and how they’ve influenced their organization to make the necessary changes before becoming the next victim.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?