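"How to Get Senior Management's Attention for Cybersecurity.pdf" was shared by a member and can be read online. For more material related to "How to Get Senior Management's Attention for Cybersecurity.pdf" (27 pages, collector's edition), search on 三个皮匠报告.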
LDR514 | Security Strategic Planning, Policy, and Leadership

Getting the C-Suite's Attention for Cyber
October 22, 2025

Introduction

Frank Kim
SANS Institute
Former CISO
Faculty Fellow
Curriculum Lead: Cybersecurity Leadership, Cloud Security
Author and Co-Author: LDR512, LDR514, SEC540
YL Ventures
Former CISO-in-Residence
Contact: fkimsans.org/in/frank-kim fykim

Cyber Leadership

Levels: Exec, Security Leadership, Security Manager, Technical

Cyber security requires engagement from all levels of leadership.

Focus: Technology Leadership
Example Roles: Technical Director, Manager, Team Lead

Focus: Security Program
Example Roles: CISO, CSO, CIO, CIRO, VP, Director

Focus: Business Objectives
Example Roles: Board, CEO, CFO, CRO, GC, Business Units, CIO, CISO, CSO

Business knowledge increases as you move up.
Technology knowledge increases as you move down.

Focus: Technology
Example Roles: Engineer, Analyst

Evolution of Security Leadership

Graphic credit: https:/

[Figure labels: Security; Old School; IT Security; New School; Risk Management; Regulatory, Compliance, Legal, Privacy; Business Savvy; Technology Focus; Business Focus; Credibility; Trust; Partnership]

Worldwide Cybersecurity Strategy Requirements

NIST CSF: “Leaders direct the CISO to maintain a comprehensive cybersecurity risk strategy and review and update it at least annually and after major events.”

CST: “Define requirements for the Cybersecurity Strategy.”

SAMA: “A cyber security strategy should be defined and aligned with the Member Organization's strategic objectives, as well as with the Banking Sector's cyber security strategy.”

DORA: “The management body shall bear the overall responsibility for setting and approving the digi