
posted by n1 on Wednesday June 15 2016, @04:20PM
from the job-security dept.

If CISOs don't do a good job of communicating, 59 percent of board members said that the security executives stand to lose their jobs, according to a new survey released today.

"If they're not up to par in the minds of the board, there will be action taken," said Ryan Stolte, co-founder and CTO at Bay Dynamics.

It marks an inflection point in how the boards look at cybersecurity, he said.

Previously, boards looked at breaches as an act of God or natural disaster, he said, or just fired the CISO even if the breach was not something they could have prevented.

"Now they're treating it as a risk management concern," he said. "It's a mind change."

[...] According to the survey, which was conducted by Osterman Research, cyber risk is now a top priority for board members, right up there with financial risk, regulatory risk, competitive risk, and legal risk.

[...] 54 percent of board members said that the data they were getting was too technical, and 85 percent said that IT and security executives need to improve the way they report to the board.

If the reports aren't useful and actionable, 93 percent said that there would be consequences. These included termination, said 59 percent, or warnings, said 34 percent.

  • (Score: 0) by Anonymous Coward on Wednesday June 15 2016, @04:25PM (#360614)

    Hackers are going to have notches for how many CISOs and CEOs they got fired.

    • (Score: 0) by Anonymous Coward on Wednesday June 15 2016, @04:49PM (#360632)

      doing God's work

  • (Score: 0) by Anonymous Coward on Wednesday June 15 2016, @04:36PM (#360621)

    "you keep referring to this 'Computor' thing! you're FIRED!"

    https://www.youtube.com/watch?v=Wmlhr9-Jb2w [youtube.com]

  • (Score: 2) by theluggage (1797) on Wednesday June 15 2016, @04:39PM (#360623)

    If your job title is a TLA or ETLA beginning with "C" and you get a "remuneration package" rather than a salary then getting fired occasionally goes with the territory. 3 months "spending more time with your family" and you'll be back in the game.

    • (Score: 0) by Anonymous Coward on Wednesday June 15 2016, @06:39PM (#360688)

      CXO's of a bank don't normally get fired if there is a robbery.

      • (Score: 1) by WillR (2012) on Wednesday June 15 2016, @07:32PM (#360711)

        Banks don't normally have all of their branches robbed by the same gang every day for months before the CXOs notice something is going wrong.
  • (Score: 3, Insightful) by captain normal (2205) on Wednesday June 15 2016, @05:07PM (#360643)

    "...54 percent of board members said that the data they were getting was too technical, and 85 percent said that IT and security executives need to improve the way they report to the board."

    If a board of directors is too lazy, too ignorant or plain too stupid to study how the internet and networks function it seems to me the shareholders should fire them.

    --
    "It is easier to fool someone than it is to convince them that they have been fooled" Mark Twain
    • (Score: 0) by Anonymous Coward on Wednesday June 15 2016, @05:21PM (#360645)

      Totally! Otherwise they will be getting reports such as "hackers tried to get in through one of our boxes, we need more money to get a better box and hire a full time box watcher." Great communicationz, much skillz, so ez.

    • (Score: 0) by Anonymous Coward on Wednesday June 15 2016, @05:22PM (#360647)

      I agree. Why are non-technical people allowed on the board? They don't understand what is happening and then pass the blame along.

      • (Score: 0) by Anonymous Coward on Wednesday June 15 2016, @06:37PM (#360686)

        Because they (used to) represent the owners, and there is no expectation of having them be technical people?

        • (Score: 2) by khchung (457) on Wednesday June 15 2016, @11:53PM (#360804)

          If you were the owner of a business that critically depends on something, such as network security, and yet you did not take the time to understand it, then your business is going to fail. And if you did that as a representative of the owner, then you were "too lazy, too ignorant or plain too stupid" for the job.

    • (Score: 0) by Anonymous Coward on Wednesday June 15 2016, @05:43PM (#360655)

      Just who is not doing their job?

      The subject of this sentence should properly be who. Whom is used as the object of a verb or preposition. Whom is not just a fancy form of who, and whom does not exist for the purpose of making yourself appear to be sophisticated. Words have meaning, you mindless dickfucker.

      • (Score: 1, Informative) by Anonymous Coward on Wednesday June 15 2016, @05:54PM (#360660)

        whom could care less?

        • (Score: 3, Funny) by Gaaark (41) on Wednesday June 15 2016, @06:05PM (#360668)

          I do! I've been watching Doctor Whom since the Tom Baker years. :)

          --
          --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
      • (Score: 0) by Anonymous Coward on Wednesday June 15 2016, @06:05PM (#360667)

        kys

    • (Score: 2) by Tork (3914) on Wednesday June 15 2016, @10:04PM (#360776)

      Heh, yeah, IT is an entry-level department with job requirements so simple you only turn away lazy applicants.
      --
      Slashdolt Logic: "25 year old jokes about sharks and lasers are +5, Funny." 💩
  • (Score: 3, Insightful) by RamiK (1813) on Wednesday June 15 2016, @05:23PM (#360648)

    Listening to what they've been telling you two years prior to the attack is much harder.

    --
    compiling...
  • (Score: 0) by Anonymous Coward on Wednesday June 15 2016, @06:32PM (#360682)

    if security was bad?

  • (Score: 1, Insightful) by Anonymous Coward on Wednesday June 15 2016, @06:38PM (#360687)

    The CISO, in most companies, does not generate revenue so they have no pull with board-level personnel, who are mostly sales or accounting. The CISO will, in more cases than not, be subordinate to the CTO, CIO or CFO. Basically, the lowest ranking C-level exec if they are in the C-suite. No matter where you work, never be the lowest ranking person in your peer group. Shit always rolls down hill...

  • (Score: 2) by archfeld (4650) <treboreel@live.com> on Wednesday June 15 2016, @08:57PM (#360739)

    I wonder if part of this has to do with the new EMV liability shifts. Businesses that have customer-facing technology are now going to be held to a much higher level of liability relating to payment systems, and a security hole in that could result in millions of dollars of loss that used to be covered by a combination of Visa/MasterCard etc. and insurance. That old bird won't fly anymore and companies are going to be hit in the only place that seems to matter to them, the deep pocketbook. I've never yet been to a big box merchant that even began to follow through with the proper security checks to accept my CC, e.g. verify a signature, or check other ID, or generally even ask questions, or look you in the eye.

    --
    For the NSA : Explosives, guns, assassination, conspiracy, primers, detonators, initiators, main charge, nuclear charge
  • (Score: 1, Insightful) by Anonymous Coward on Thursday June 16 2016, @05:31AM (#360882)

    In the intelligence game, a "cut-out" is an intermediary operator used to protect oneself from consequences. They are easily replaced.

    In Silicon Valley, 1099-based contractors, and, more recently, W2-based temporary employees, serve the same purpose.

    The CISO serves a similar role - YOUR job is to be held responsible for the failings of the Board so that THEY do not have to resign.

    Having trouble wrapping your head around this concept? Think of it as 'scapegoat', or 'sacrificial lamb', if it helps.

    The impatience conveyed by the above-referenced article says it all. Your Board is straining at the leash to fire you, from the moment they hire you. It's YOUR fault they can't understand what YOU told them six months ago!

    As stockholders grow wiser about technology they are less inclined to accept excuses such as 1099-based contractors and W2-based temporary employees and more likely to demand the head of someone more senior. The stockholders actually want to root out the problem!

    The problem is boards of directors bloated with buddies and cronies and partners and pals from school and the like - all of whom lack the actual technical creds, all of whom make up for it with bloated resumes packed with buzzwords.

    What these boards need is experienced engineers - but these same experienced engineers tend to be introverted INTJs who don't really handle realtime conversations so well and decline to get into domination games, hence, are totally unfit for modern American board of directorship.

    After watching the Linuxcare debacle back in 2000, I happened to find a copy of a book on duties of corporate directors that one of the Australian employees had given to the CEO, which the CEO had discarded.

    I read the book and was fascinated to learn that directors had duties 'n' stuff, and that they were supposed to be held liable, 'n' stuff.

    Obviously none of this is happening in America today and it doesn't seem to have happened much for maybe half a century. Larry Ellison is actually a HERO to most of the corporate directors AND managers of Silicon Valley. His exploits incite envy - not disturbance.

    Until we fix this - the rule of law - nothing will change.

    Under current circumstances, I simply don't trust any board of directors enough to loan them my talents - and I speak as someone who has been doing this for 30 or 40 years - and, you know what, I don't think they want anyone who is outspoken, either, because they definitely don't like hearing the truth.

    ~childo