CEO Tom challenged Maria, his chief information security officer (CISO). “I’m told ISO 217001 has at least 10 categories of operations and communications requirements relevant to cyber risk. But I want you to boil it down. Are we confident we understand how the threat landscape in the digital world applies to our organization and strategy and how to mature our prioritized operational cybersecurity capabilities around this?”

Do You Know What You Do Not Know?

Big Data. Smart devices. The Internet of Things. Robotic process automation. Behavioral analytics. 3D printing. The increasing digitization of your organization is yielding rewards in efficiency and cost-effectiveness. What is not as clear are the increasing risks that these advances are bringing to your organization’s operations.

You should understand these risks, and how to prevent them from damaging your organization. You need insight into not only the vulnerabilities of your IT systems, but to the data those systems produce, looking deeply into your organization environment. You have to gain fluency in the current portfolio of threats, how they are detected, and what strategies your organization needs to follow in order to treat them.

You may be tempted to assign responsibility for this effort with your information security ...