This book is a Security Leaders’ Guide to aligning with the business. If you are a Chief Information Security Officer (CISO), Head of Security with a similar title, a security manager, or a security team member providing leadership to the business, this book is for you. One of our Rational Cybersecurity interviews illustrated the challenge of a disengaged business.
I’ve seen way too many businesses with disengaged senior management like this. It takes two basic forms: 1) Security’s not considered to be a priority. 2) The organization has budgeted for security, hired staff, and deems it “handled.” Executives delude themselves into thinking they’ve put security first even if in practice it is routinely put way behind other priorities.
We see the second, insidious, form of disengagement even at highly regulated businesses. Staff, even in the security department, are afraid to do anything other than put an optimistic spin on security issues reported up the chain.
Misalignment between security and the business can start at the top or happen at the line of business, IT, development, or user level. It has a corrosive effect on any security project it touches. As organizations transform themselves into “digital businesses,” they fall under increasing IT-related risk and regulation. Aligning cybersecurity and IT with business leaders and business processes becomes exponentially more important to digital businesses.
I chose to write Rational Cybersecurity for Business because, during my career as an IT research analyst and consultant, I’ve learned that successful cybersecurity isn’t just about the technology; it’s also about the people and organizations. I realized midway through this project, however, that I could write the book for security leaders as the primary audience or for business leaders, but not for both.