This post is about wisdom on the one hand and thinking and practices that are less than wise on the other.
I was reading through a 2016 article in the online CSO magazine, CISOs bridge communication gap between technology and risk, when I found these:
Grant Thornton’s Chief Information Security Officer (CISO), said:
“…boards are starting to understand that security is another risk to an organization. It’s not really just an IT issue. The impact that cybersecurity incidents can have on the organization has put it in the same class as other risks to the organization because it can be just as damaging.”
The article also has:
“ at its core, security is an executive level business problem. [James Christensen, vice president of information risk management for Optiv says] “Five years ago that never would have been a part of the conversation, but now the more successful CSOs are doing this.”
Steven Grossman, vice president of strategy and enablement at Bay Dynamics says:
“The goal is to manage security in a more effective way. It’s all about everybody marching to the same drummer. Bringing together all the silos in the business so that there are no silos”.
He also says:
“I need to understand the business goals. I am speaking to them in terms that they are going to understand.”
This…