The Seventh Question Today’s CEOs Should Ask (& Know the Answer To)


In a previous blog, we discussed Commander’s Intent for CEOs and introduced 10 questions CEOs should be asking their teams.

In this blog series, I am going to take a deeper dive into each question and break them down one at a time. We will discuss why CEOs should care about each question and the type of answers teams should be providing.

This week we tackle a tough question:

Are we compliant?

For the purposes of this blog, I am going to speak only of cybersecurity/privacy regulations. I am already assuming that you, as the CEO of the organization, are aware of the applicable cybersecurity regulations for your industry. (If you aren’t, I would call outside legal counsel immediately.)

All joking aside, in regards to cybersecurity, being compliant with an applicable regulation (e.g., PCI, HIPAA, GDPR) does not necessarily mean being “secure.” However, it is a great measure of overall maturity for your organization and the functions that support compliance.

Think of compliance as the price of doing business. Compliance with applicable regulations, when done correctly, can benefit security. Being compliant means having appropriate controls in place (per regulation) that can be audited to an external third party’s satisfaction. It should also establish metrics for the compliance controls. Internal and external resources are responsible for ensuring compliance and security controls exist and are managed. The frequency of these audits varies, but a second set of eyes on controls never hurts. While this does not equal being secure, it can benefit the security of your organization when the two functions work together and strategically.

Remember, as the CEO you are creating the culture in your organization. A culture of compliance will ensure your organization is able to avoid fines and, in some cases, continue to do business. Compliance efforts benefit your overall security program. My biggest piece of advice for CEOs as it relates to compliance and security is to ensure the two functions work together strategically. When the two programs are managed as two fiefdoms that don’t often interact, the relationship can become strained or, in the worst cases, adversarial.

One of my best friends in the industry is a rock star at compliance. When we worked together, making sure we were strategically aligned allowed both our groups to accomplish their mission and ensured that resources and projects were done in an order that benefited both functions. This partnership gave us the unique ability to walk into a room together and represent managing risk as one. In the end, neither of us had to be in the room to ensure that both compliance and security were represented in strategic discussions. Build synergy among these functions and you should be in the right spot.

Asking this question should lead to other discussions such as budgets, resourcing, and appropriate strategic efforts. Remember: compliance, much like cybersecurity, should be seen as a strategic corporate enabler and managed appropriately.

In some organizations there can be a negative association with compliance in regards to cybersecurity. The failure of some organizations is to stop at “checking the checkbox” or doing the bare minimum required to satisfy an external third party. As we have previously discussed, attackers move faster than legislative or regulatory bodies ever can.

When it comes to compliance, stopping at the bare minimum may result in passing audits, but it may also mean getting breached. It is important to be compliant, but it is more important to establish a program that manages both compliance and cybersecurity concurrently. This approach will help save time, money, and resources.

The post The Seventh Question Today’s CEOs Should Ask (& Know the Answer To) appeared first on Carbon Black.
