
SoylentNews is people

posted by n1 on Wednesday June 15 2016, @04:20PM
from the job-security dept.

If CISOs don't do a good job of communicating, 59 percent of board members said that the security executives stand to lose their jobs, according to a new survey released today.

"If they're not up to par in the minds of the board, there will be action taken," said Ryan Stolte, co-founder and CTO at Bay Dynamics.

It marks an inflection point in how the boards look at cybersecurity, he said.

Previously, boards looked at breaches as an act of God or natural disaster, he said, or just fired the CISO even if the breach was not something they could have prevented.

"Now they're treating it as a risk management concern," he said. "It's a mind change."

[...] According to the survey, which was conducted by Osterman Research, cyber risk is now a top priority for board members, right up there with financial risk, regulatory risk, competitive risk, and legal risk.

[...] 54 percent of board members said that the data they were getting was too technical, and 85 percent said that IT and security executives need to improve the way they report to the board.

If the reports aren't useful and actionable, 93 percent said that there would be consequences. These included termination, said 59 percent, or warnings, said 34 percent.



 
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Insightful) by Anonymous Coward on Thursday June 16 2016, @05:31AM (#360882)

    In the intelligence game, a "cut-out" is an intermediary operator used to protect oneself from consequences. They are easily replaced.

    In Silicon Valley, 1099-based contractors, and, more recently, W2-based temporary employees, serve the same purpose.

    The CISO serves a similar role - YOUR job is to be held responsible for the failings of the Board so that THEY do not have to resign.

    Having trouble wrapping your head around this concept? Think of it as 'scapegoat', or 'sacrificial lamb', if it helps.

    The impatience conveyed by the above-referenced article says it all. Your Board is straining at the leash to fire you, from the moment they hire you. It's YOUR fault they can't understand what YOU told them six months ago!

    As stockholders grow wiser about technology they are less inclined to accept excuses such as 1099-based contractors and W2-based temporary employees and more likely to demand the head of someone more senior. The stockholders actually want to root out the problem!

    The problem is boards of directors bloated with buddies and cronies and partners and pals from school and the like - all of whom lack the actual technical creds, all of whom make up for it with bloated resumes packed with buzzwords.

    What these boards need is experienced engineers - but these same experienced engineers tend to be introverted INTJs who don't really handle realtime conversations so well and decline to get into domination games, hence, are totally unfit for modern American board of directorship.

    After watching the Linuxcare debacle back in 2000, I happened to find a copy of a book on duties of corporate directors that one of the Australian employees had given to the CEO, which the CEO had discarded.

    I read the book and was fascinated to learn that directors had duties 'n' stuff, and that they were supposed to be held liable, 'n' stuff.

    Obviously none of this is happening in America today and it doesn't seem to have happened much for maybe half a century. Larry Ellison is actually a HERO to most of the corporate directors AND managers of Silicon Valley. His exploits incite envy - not disturbance.

    Until we fix this - the rule of law - nothing will change.

    Under current circumstances, I simply don't trust any board of directors enough to loan them my talents - and I speak as someone who has been doing this for 30 or 40 years - and, you know what, I don't think they want anyone who is outspoken, either, because they definitely don't like hearing the truth.

    ~childo
