4. Strengthen compliance with a unified risk management strategy
CISOs have the most at stake if cited for noncompliance, so they will play a key role in carrying out compliance plans, says Michael Fanning, CISO at Splunk, which specializes in operational intelligence software. “In this regard, they may take an inherently conservative approach, such as limiting where company data is stored.” Yet CISOs shouldn’t try handling this project alone, he warns. “CISOs and CIOs need the help of general counsels to sponsor policy and programmatic approaches and set the organization’s priorities.”
“Together, not only will CISOs, CIOs, and general counsels develop a unified risk management strategy and collaborate on policy, they’ll form cross-functional task forces to monitor regulatory shifts, assess impacts, and implement necessary changes across an organization,” Fanning predicts. “They will also have to work closely on investment strategies, infrastructure decisions, and vendor selection to remain compliant with where certain data can reside,” he says. “These successful partnerships will leverage shared dashboards and reporting tools, which will help everyone stay up to date on compliance and respond quickly to new governance issues.”
5. Establish asset visibility and strong cloud governance
As has been the case for the past several years, a core challenge for CISOs has been achieving comprehensive asset visibility and effective cloud governance, states Jim Broome, CTO at cybersecurity services firm DirectDefense.
