
How to Get the C-Suite's Attention for Cybersecurity.pdf

Uploaded by: 可*** | Document ID: 991776 | 2025-12-07 | 27 pages | 965.23KB

Preview text extracted from the slides (each slide carries the footer "LDR514 | Security Strategic Planning, Policy, and Leadership"):

Slide 1: Getting the C-Suite's Attention for Cyber. October 22, 2025.

Slide 2: Introduction
Frank Kim. SANS Institute: Former CISO; Faculty Fellow; Curriculum Lead, Cybersecurity Leadership and Cloud Security; Author and Co-Author of LDR512, LDR514, SEC540. YL Ventures: Former CISO-in-Residence. Contact: fkim@sans.org, /in/frank-kim, fykim.

Slide 3: Cyber Leadership
Cyber security requires engagement from all levels of leadership.

Level                 Focus                   Example Roles
Exec                  Business Objectives     Board, CEO, CFO, CRO, GC, Business Units, CIO, CISO, CSO
Security Leadership   Security Program        CISO, CSO, CIO, CIRO, VP, Director
Security Manager      Technology Leadership   Technical Director, Manager, Team Lead
Technical             Technology              Engineer, Analyst

Business knowledge increases as you move up; technology knowledge increases as you move down.

Slide 4: Evolution of Security Leadership (graphic credit: https:/ Security)
Old School: IT Security; Technology Focus.
New School: Risk Management; Regulatory, Compliance, Legal, Privacy; Business Savvy; Business Focus.
Credibility, Trust, Partnership.

Slide 6: Worldwide Cybersecurity Strategy Requirements
NIST CSF: "Leaders direct the CISO to maintain a comprehensive cybersecurity risk strategy and review and update it at least annually and after major events."
CST: "Define requirements for the Cybersecurity Strategy."
SAMA: "A cyber security strategy should be defined and aligned with the Member Organization's strategic objectives, as well as with the Banking Sector's cyber security strategy."
DORA: "The management body shall bear the overall responsibility for setting and approving the digi" (preview text ends here)

This document discusses methods and strategies for gaining senior-leadership attention for cybersecurity. Key points:
1. Cybersecurity requires participation from every level of leadership, with technical knowledge and business knowledge given equal weight.
2. Security leadership has evolved from traditional IT security toward risk management and business insight.
3. A 3D Blueprint (Decipher, Develop, Deliver) is introduced for succeeding in the CISO role.
4. Building trust, partnership and credibility is the key to reporting to the board.
5. Strategy maps and cybersecurity risk maps are used to show how security serves the business strategy.
6. The business-innovation approach treats security as a profit center rather than a cost center.
7. External factors that affect cybersecurity are identified, such as political, economic, social and technological ones.
8. Tools and frameworks (such as the Cyber Framework Formula and maturity models) are used to attract executive attention.
Core references:
- "Cybersecurity Leadership Triads" covers courses on technology, risk management, incident management and more.
- The "Count Revenue Cost Reason" methodology helps quantify security investment against business returns.
- Frameworks such as "NIST CSF" and "CST" guide the development of a cybersecurity strategy.
The document stresses the importance of cybersecurity to senior leadership and proposes concrete strategies and tools to raise its level of attention.
"The CISO Success Blueprint Revealed" "How Do You Get the Board to Take Cybersecurity Seriously?" "How Can a CISO Persuade Executives with Data?"