CISOs need to redefine their role and include business continuity management
- Published: Friday, 27 September 2019 08:35
KuppingerCole Principal Analyst, Martin Kuppinger, says that CISOs need to take a resilience approach to cyber protection and this requires understanding that their role should include business continuity management.
“Cyber attack resilience requires way more than just protective and defensive security tools and training. Resilience is about being able to recover rapidly and thus must include business continuity management activities. It is time to redefine the role of CISOs,” Mr. Kuppinger declared in a recent webinar on cyber security budgeting.
While prevention is key in limiting cyber attacks, it is fair to ask whether prevention is enough, given that cyber attacks are constantly increasing in number and severity. A chief information security officer is responsible for prevention; nevertheless, Mr. Kuppinger believes that a CISO should also feel responsible for business continuity and crisis communication: the ability to react so that business can go back to usual as quickly as possible is a much more realistic ambition than completely preventing attacks.
Mr. Kuppinger’s advice for every CISO is: “Detect, respond, recover, and improve. How can a business react to an attack while still planning for its future? By not segregating preventative action and business continuity management. A fusion of creative expertise will mitigate an attack and streamline the recovery. Extend the scope of what you’re doing. It’s more than just traditional cyber security. Business continuity is part of the picture. Even more so, business continuity management is key to cyber security.”