Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Monday, 27 June, 2022
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

5 ways CEOs can create a culture of improvement vs blame when it comes to cybersecurity

by The Gurus
April 3, 2018
in This Week's Gurus
Share on FacebookShare on Twitter

For those of you who haven’t come across one yet, I have written a series of articles recently focused on CEOs. In these articles I have been looking at a number of questions a CEO should be asking when thinking about the cybersecurity stance of their organisation. So far, I have discussed the importance of critical data encryption, safety programmes, and how to create a healthy company culture towards cybersecurity, among other topics. In this article, I will discuss why organisations should have an ongoing, continuous assessment plan.

Continuous improvement seems like common sense for any function but after meeting with teams all over the world, I can say it isn’t that common. For a security function to be successful, there should be a process for continuous improvement. This could arguably be the trait that separates successful programmes from ones that aren’t. Too often, security becomes rigid without a loop for improvement.

As your organisation grows and evolves, so must your cybersecurity program. Risks, threats and vulnerabilities change over time. Business models change. All of these factors matter for a programme to evolve and constantly improve.

 

The inputs to security assessments vary and can be built internally. There are also plenty of qualified external entities that can help assess the programme and put a plan in place for continuous improvement.

 

What are the five steps to creating a culture of continuous improvement?

 

  1. Set goals for excellence and measure against them.

 

For cybersecurity to be successful, the mission of the programme, goals, and success metrics should be agreed upon and reported on regularly. Maturing your programme will take a steady hand and patience at your level. Changing missions or strategies too often is a sure way to miss any security goal you have.

 

  1. Eliminate fear

 

For continuous improvement to be successful, your organisation needs a culture where failure is OK. If your employees are afraid to bring up issues, you will never improve. Employees also need to feel like management is addressing failures when it occurs. Having a great process in place with a feedback loop to improve will ensure a culture that minimises fear and maximises improvement. It’s also amazing for employee engagement.

 

  1. Actively manage the process

 

As with any process, continuous improvement should be managed. The outputs of managing this process may include both tactical and strategic efforts. Your team should have a process to manage and report up to appropriate levels on these efforts.

 

  1. Train and develop leaders with the same mindset for improvement

 

Leaders in your organisation should be trained on improvement techniques and best practices. They should also be rewarded for offering improvement suggestions and, more importantly, for executing on the efforts needed to improve. These types of employees and leaders should be developed and retained to maximise the continuous improvement cycle at your organisation.

 

  1. Focus on fixing, not blaming

 

Far too often, we see CISOs and cybersecurity leaders being blamed and/or replaced as the result of a failure. This has to stop. What other function in an organisation is held to the standard of needing to be 100% right all of the time? In almost every case, a breach is systemic and there are multiple points along the timeline that lead to the breach.

Creating a culture that focuses on improvement versus blame will create a ripple effect in your organisation allowing leaders to operate more freely. Things will happen. Acknowledge that failures will happen. Acknowledge that people will make mistakes. It’s not what happens when someone makes a mistakes or when something fails but how your organisation responds. Cybersecurity isn’t about perfection. It’s about failing fast, iterating, and constantly improving.

FacebookTweetLinkedIn
Tags: CybersecurityTechnology
ShareTweetShare
Previous Post

No Room for Cyber-Complacency: a Quarter of DDoS Attacks Claim Unintended Victims

Next Post

How Remote Browser Isolation Can Protect Your Endpoints from the Danger of Zero-Day Exploits

Recent News

Jim Dolce

A conversation with Jim Dolce, CEO of Lookout

June 24, 2022
Picture of the US capitol building

Biden signs cyber bills into law

June 23, 2022
Person using blue laptop next to coffee cup

Microsoft Office 365 Feature Could Help Ransomware Attackers Infiltrate Cloud Files

June 23, 2022
Lines of Code

Chinese Hackers Distributing SMS Bomber Tool with Malware Hidden Inside

June 23, 2022

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2021
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information