CISOs (Chief Information Security Officers) are a 'special breed'. While the rest of the organisation focuses on opportunities, new technologies, and more data, the CISO often needs to act as the brake. These opportunities, technologies, and data collections might be ground-breaking, but are they safe? It is the responsibility of the CISO (or the CIO, the Chief Information Officer, depending on the company) to help ensure that they are. In order to do so, they need a different way of thinking, which sometimes seems to make them stand alone in their own organisation.
Fortunately they have each other. Many CISOs meet countless other CISOs - but usually within their own sector. Bank CISOs meet other financial CISOs. Ministry CISOs meet other government CISOs. And usually they meet on the problems of the day. Because there are many problems of the day.
High Level CISO/CIO Meetings
To empower the CISO just a bit more, HSD Office organised three high level CISO/CIO meetings in 2018. These were three afternoons where small and diverse groups of CISOs and CIOs came together to discuss a common theme, to get out of the daily routine and focus on issues that are just as important but usually not on the daily agenda.
The main topic was: what to do if your current security fails? To use a Dutch analogy: in the arms race between attackers and defenders we keep raising the dikes, but the water rises faster. How do we prepare for the flood? An acute theme, especially after the outbreak of NotPetya.
And then it turns out that security is not just about technology. It is about robustness. Cyber crisis preparedness. Having the processes in place to guarantee your core business stays afloat despite an indeterminate absence of ICT.
The meetings, following the Chatham House Rule, allow the CISOs and CIOs to dig deeper, to reflect on their common problems, and to actively help each other find new ideas and new solutions. The group size leads to trust. The different backgrounds lead to plentiful ideas. They went beyond the problem at hand. Not only did they make steps toward preparedness, they also inventoried other interesting themes. Some of the common issues were education, information exchange, and SOC sharing. These and other issues may be topics for future meetings.
Follow-up in 2019
The current CISO/CIO groups unanimously decided to continue their meetings, and HSD Office plans to set up new groups and new themes in 2019. Should you be interested in being part of one of these groups, let us know! Please contact HSD Innovation Liaison Peter Zinn.