richardb8006 | Chief Information Security Officer (CISO) | Module 1 - Introduction & Overview

Module 1 - Why We Need CISOs
This lesson will focus on the reasons why we need a CISO and why information security is an executive level responsibility.
You will learn about the various threats to our data including:
- Identity theft, which claims over 15 million victims with losses near $50 billion
- Credit card fraud that results in over $16 billion in losses
- The breach of over 21 million records of government employees in 2015
- $18 million in losses to ransomware
- Millions of dollars in fines due to non-compliance with HIPAA, PCI-DSS, etc.
The importance of elevating information security to the executive level to provide adequate protection for our data will be discussed.
The course participant will learn the benefits of “top down management” regarding data security, where senior management supports and provides resources for the security function. You will learn why a “bottom up” management style will ultimately compromise the organization’s data security.
Participants will learn how incorporating security governance into senior management will ultimately create greater compliance, avoid liability for losses, and create greater trust with your customers.
The six outcomes of effective security governance are covered in detail, along with the negative impacts of excessive security. Find out why having security governance in place leads to a better risk management implementation.
Benefits to effective information security governance:
- Greater likelihood of maintaining compliance
- Documented efforts of due care and due diligence
- Increasing predictability and reducing uncertainty of operations
- Provides a reasonable assurance that critical business decisions are not made on faulty information
- Improves trust in customer relationships
- Enhances the reputation of the enterprise
- Provides accountability for protecting information
- Assists in effectively managing information security resources
Six outcomes of effective security governance:
- Strategic alignment – information security should align directly with business strategy to support organization objectives
- Risk management – Executing appropriate measures to mitigate risks to an acceptable level
- Resource optimization – Using information security knowledge and infrastructure efficiently