5 Mistakes, 5 Best Practices, & CEOs Focus for 2021 – BSW #195
In the Leadership and Communications section, How to Be a Visionary Leader and Still Have a Personal Life, 5 Mistakes CISOs Make in Their Board Presentations, What are CEOs focused on for next year?, and more!
Announcements
Tomorrow is the big day! The virtual doors open for the first-ever Security Weekly Unlocked virtual event at 10:30am and the last round table should end around 9:30pm! We have an outstanding line-up of presenters, who will be answering questions LIVE in our Discord server during their presentations! Make sure you register for this FREE event before it's too late! Visit https://securityweekly.com/unlocked to view the line-up and register!
Join Amit Bareket, Co-founder & CEO of Perimeter 81 & Paul Asadoorian for a technical deep-dive into the problems inherent in legacy VPN technology. Together they will explore solutions for the modern workforce & how momentum toward perimeter-less architecture is helping redefine the future of cybersecurity. Register Now by visiting https://securityweekly.com/perimeter81
Hosts
- 1. How to Be a Visionary Leader and Still Have a Personal Life
  The demands of an executive role can wreak havoc on the self and on personal relationships. Without thoughtful planning, leaders can experience both physical and mental-health issues as a result of their work, and their relationships with loved ones can deteriorate. Here are some tips: 1. Visualize both professional and personal outcomes. 2. Discuss your role with candor and care. 3. Build in resilience. 4. Apply a mindset of continual reinvention.
- 2. Audit committee best practices for understanding and acting on cyber-threats
  Cyber-security risk oversight is the area with the greatest increase in audit committee disclosures in proxy statements, according to the 2020 Audit Committee Transparency Barometer issued by the Center for Audit Quality and Audit Analytics. Companies of all sizes are dealing with increasing cyber-threats and new regulations over cyber-security and data management and reporting. Here are the best practices for companies and their boards and audit committees to address cyber-security risks: 1. Set a tone from the top. 2. Talk more about cyber-security. 3. Understand cyber-risks. 4. Embrace cyber-security by design. 5. Get an independent assessment of cyber-risks. 6. Have incident response protocols.
- 3. Cybersecurity communication key to addressing risk
  As security teams strengthen communication with the overall organization as well as with vendors, more positive cybersecurity cultures can be forged. Here are two areas of focus: 1. CISO communication and collaboration - Communicating security goals and understanding the risk tolerance of various parts of an organization is key. 2. Security teams and vendors - Building strong cybersecurity relationships and cultures based on communication, collaboration and partnerships shouldn't be limited to within an organization. It should extend to vendors as well.
- 4. 5 Mistakes CISOs Make in Their Board Presentations – Security Boulevard
  Here are 5 common errors in board reporting and how to avoid them. 1. Not speaking the board’s language. 2. Not presenting an accurate picture of your risk. 3. Not being able to quantify your security posture. 4. Presenting too much information. 5. Not having an operational plan.
- 5. What are CEOs focused on for next year?
  According to Gartner, CIOs can support CEOs and the business by: 1. Scaling digital efforts mainstream, without pushing experimental initiatives. 2. Working with the CEO to understand whether the executive plans to restore or redesign the business, and determining where digital efforts fit in. 3. Supporting other C-suite executives to meet CEO demands; helping COOs maintain employee productivity or helping CFOs maintain cash on hand.
- 6. 5 best practices for negotiating SaaS contracts for risk and security
  Software-as-a-service providers often handle your sensitive data. Here's how to hold them to a high standard for security: 1. Create a master list of risks relevant to your organization. 2. Communicate what's non-negotiable to stakeholders. 3. Negotiate additional protections. 4. Insist on early breach notification. 5. Pay special attention to contract termination conditions.