A CISO SHOULD NOT BE A CRY WOLF

In October, the CEO of the PostNL has delivered a report to the Dutch Prime Minister, with recommendations to improve general cyber security in the Netherlands. Two years ago, ICC Belgium and FEB delivered 25,000 copies of the the Belgian Cyber Security Guide to the CEOs of Belgian companies. Communications is vital for us CISOs and CIOs to secure the required funds for implementing cyber strategies.

Secure our cultural legacy

That strategy is to secure our cultural heritage, our legacy. It’s a major change we have ahead of us. But we need the buy-in from the top to get the change done. Our role is to show that protection is necessary.

In our previous post, AMS professor Yuri Bobbert already encouraged CIOs to make the magnitude of cybersecurity more explicit to their company’s board. He strongly advises to report on the number of attacks you face, but also on the number of viruses that you stop. The business expects that proactive approach.

Cyber security as part of risk management

In this whitepaper, the Antwerp Management School analyzed twelve annual reports and how IT governance and risk management contribute to the success of their organization. “When you reach that level, the discussion on the cost of cybersecurity evaporates. Board members don’t want their face in the newspapers, they want to protect their reputation”, Bobbert explained.

The CIO advisory Board for the European council believes that CISOs should be under the umbrella of the Chief Risk Officer, too. That leaves us with the question: where to place the CISO in our organization?

Our friends at the American National Institute of Standards and Technology (NIST) recently issued a study on security fatigue, which “can cause computer users to feel hopeless and act recklessly”. Marc Vael, president of ISACA Belgium, believes we should not overplay our hand: “People get fed-up with others telling them what they are not allowed to do. We have to be careful about how to position security. Scare tactics don’t work so let’s not become the annoying cry wolves. Security should be an enabler.”

In the automotive industry for instance, Volvo is investing a lot in security by design. There’s a strong focus on safety that the technology world could embrace. As CIOs we should encourage our vendors to integrate it in the software and hardware development. Security is going through a transition to become more native, and we can help to accelerate it.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
swpm_session	session	This cookie is set by the Simple WordPress Membership Plugin. This cookie is used for membership login session and to provide access to the protected content on the website.This cookie keeps the login records so user don't want to authorise each time while moving to next page.
_gat	1 minute	This cookie is installed by Google Universal Analytics to restrain request rate and thus limit the collection of data on high traffic sites.

Cookie	Duration	Description
vuid	2 years	Vimeo installs this cookie to collect tracking information by setting a unique ID to embed videos to the website.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.