The cycle of quick decision making in cyber security, can be quick! But it relies on one thing:
Aligning all 4 roles with the same goal and ‘How to achieve it’.
In most cases, decision-makers will quickly approve your request for a budget, product… anything you need to keep the company secure and growing if everyone is on the same page.
From my personal experience the CISO, IT, DPO and Compliance usually want the same thing at a hugely Macro level but every one of them has a VERY different path.
Which in a nutshell usually looks something like this:
1. DPO and Compliance will work as BFF’s (Best friends forever 🙂 ).
2. IT and CISO will constantly have challenges mainly on priorities and timelines.
But, a Smart CISO will utilize Compliance and the DPO to get what they want. Whilst a smart IT manager will utilize the CISO and DPO to get all their infrastructure requirements.
As a Cyber Security External Consultant, I usually take a more pro-active approach, I need to quickly understand what is the biggest threat that can unite them all.
For example, when I engage in a cyber security project, the first thing that I do is “gather all of them around the biggest threat.” In recent years the common threat is usually a “Data Breach” (APT, Insider threat, or others). A data breach is a risk that first hurts the entire company but then also hurts each of the above roles specifically.
The best way, from my experience, to gather and unite them is by showing them the HUGE number, and proper figures that the Threat actually puts the company at risk of losing.
For example, I noticed in several companies that most of the key players were not aware that a Data Breach has a Total Threat Loss figure in the hundreds of millions.
Each of them only sees the impact on their department and not the total impact on the entire organization. A good example is the Compliance Officer and DPO’s seeing the regulation fine impact but not fully seeing the Salary loss and Sales Loss impacts.
So my approach is always, unite the team behind the biggest Threat, and then we prioritize all the tasks on how to mitigate the biggest common threat.
Then you can approach the board united and get quick approvals.
Find out your biggest threat to unite them using www.boardish.io
Explain why/how your solutions work, to a non-techy audience.