The Most Influential CISOs of the Year 2024 January



The Cost of Convenience in Cyberspace is Eternal Vigilance Against Compromise

Our world is more linked than it has ever been, and there is an incredible quantity of data and information available online. Although there is no denying that this interconnection has led to amazing developments and conveniences, it has also exposed us to fluctuations and new hazards. The growing advancement of technology has made cyberattacks inevitable, thus making it imperative for both individuals and corporations to prioritize cybersecurity as a critical business requirement.

Consequently, the digitalization of our daily lives has not only revolutionized the way we work and communicate but has also given rise to an expanding global cyber threat landscape. No technology or piece of information connected to the internet is immune to potential breaches. As our dependence on technology grows, so does the sophistication of cyber threats, ranging from malware and phishing attacks to ransomware and sophisticated hacking techniques.

The field of cybersecurity is expanding swiftly, making it somewhat challenging to stay up to date with all the newest advancements and approaches. Recognizing this challenge, The CIO World brings an edition titled “The Most Influential CISOs of the Year 2024,” showcasing leaders in cybersecurity who have proven to be exceptionally skilled at addressing the convoluted and perpetually shifting discipline of cybersecurity. These leaders act as role models, exhibiting not just their technological proficiency but also their strategic vision for protecting companies from cyberattacks.

Have a good read ahead!

Engr. Harrison Nnaji Ph.D.

Charting the Course for Cybersecurity Excellence

James Tewes

Transforming Businesses for Greater Value

Sawan Joshi

Guardian of Digital Frontiers

Stuart Walsh

Guardians of Data Integrity

Tariq Al-Shareef

Cybersecurity Visionary and Global Contributor: Safeguarding Saudi Arabia’s Cyber Frontlines

Metrics Every CISO Should Track

Measuring Cybersecurity Effectiveness

The Human Factor

Addressing Insider Threats in Cybersecurity for CISOs

Empowering Organizations with Strategic Vision and Unyielding Security!

In the dynamic landscape of today’s digital age, safeguarding sensitive information and digital assets has remained a paramount concern. The escalation of cyber threats necessitates visionary leaders who possess a deep understanding of cybersecurity intricacies along with the strategic foresight to pave the way for excellence.

Meet Dr. Engr. Harrison Nnaji, a distinguished professional with an impressive array of qualifications, including four Masters degrees, a Ph.D., and an extensive list of certifications: CCISO, CISM, CEH, CCNP, CCSP, CISSP, MoR, and TOGAF 9. With over 17 years of experience, he has earned a reputation as a trailblazer in the fields of cyber, data, and information security. His journey has been marked by consistent successes in steering organizations towards resilient security measures while optimizing resources for maximum impact.

Harrison isn’t just known for his cybersecurity expertise; he's a prominent figure who generously shares his wealth of knowledge without reservation, particularly in areas such as:

Leadership: Harrison's leadership skills are evident in his ability to guide teams and foster unity, not just in securing systems but in bringing diverse groups together towards achieving common goals.

Motivation: His commitment to excellence, evident in his pursuit of continuous professional development, serves as motivation for those around him. He also regularly shares motivational nuggets across different channels to keep his followership engaged, coached, and guided.

Career Success: With a track record of transforming challenges into opportunities, Harrison has consistently delivered year-over-year improvements in key metrics, cementing his role as a transformational force.

Entrepreneurship: His strategic acumen goes beyond traditional roles, as he has demonstrated an entrepreneurial spirit in his ability to engineer, design, and deliver security solutions that transcend industry boundaries.

Harrison Nnaji is the Group Chief Information Security Officer (CISO) at FirstBank Nigeria Ltd. and Its Subsidiaries, where his influence extends far beyond his formal title. Holding a degree in Electrical and Electronics Engineering, a Master’s in Project Management, M.Phil. in Management, an M.Sc. in Security Management, and another M.Sc. in Cyber Security majoring in Cloud Security, he possesses a formidable skill set, knowledge, and experience. His unwavering commitment to ethical standards and integrity is evident in every facet of his work.

Harrison’s legacy is built on his ability to seamlessly engineer, design, and deliver security solutions that transcend industry boundaries. His expertise in internetworking, IT governance, infrastructure architectures, people management, emerging technologies, strategy formulation and execution, and IT delivery management has been instrumental in fostering holistic improvements in the cybersecurity landscapes.

A diplomatic virtuoso, Harrison's natural affinity for building relationships, persuading stakeholders, and fostering consensus sets him apart as a leader who not only secures systems but unites teams. His journey thrives in a fast-paced, multicultural, and multilingual arena, where challenges fuel his growth, and his dedication to continual professional development is palpable in every endeavor.

Under his leadership, working with all stakeholders to harmonize emerging technologies and secure computing practices has been nothing short of exemplary. His ability to turn challenges into opportunities has led to remarkable year-over-year improvements in key metrics. His pursuit of excellence remains unwavering, ensuring that loyalty, productivity, and profitability are constant companions on his journey. These achievements have earned Harrison Nnaji the title of “The Most Influential CISO of the Year 2024,” an award bestowed by The CIO World, a prestigious global magazine dedicated to sharing the inspiring and transformative stories of professionals and leading businesses worldwide.

Below are the highlights of the interview:

Unleashing Strategic Vision: Harrison Nnaji's Impact on Today's Security, Tomorrow's Possibilities

Harrison Nnaji is an accomplished Data and Information Security Strategist & Practitioner with 17+ years of solid experience in the conception, engineering, design, delivery, operation, and optimization of cyber, data, and information security, risk management, networking, IT operations, and project management.

He has achieved repeated successes in leading cybersecurity strategies and secure computing practices with both emerging and established technologies/processes, surpassing maximum operational impacts with minimum resource expenditures across diverse industries, including Banking, Telecommunications, Distribution, Original Equipment Manufacturers (OEMs), and Service Integration.

His proficiency extends to areas such as internetworking, contract management, IT governance and processes, IT portfolio management, infrastructure architectures, and IT delivery management. Harrison possesses strong diplomatic skills, a natural affinity for cultivating relationships, and a talent for persuading, facilitating, and building consensus among diverse individuals, all with an undiluted focus on prime objectives.

Thriving in a fast-paced, multicultural, multilingual, and multifaceted arena, Harrison embraces challenges as opportunities for continual professional growth. He is currently completing another Ph.D. in Offensive Cyber Engineering to deepen his knowledge of the continuous changes in the cyber threat landscape and the impact of the emerging technologies. Harrison's diverse capabilities translate to immediate value while upholding prevailing ethics and standards for integrity, dedication, teamwork, productivity, profitability, and excellence.

Visionary: From Engineering to Cybersecurity Leadership

Prior to his academic pursuits, Harrison embarked on a career in Nigeria, fulfilling his national youth service requirements. He gained valuable experience working for Telnet, a premier IT systems organization in the country, where he served as an IT Support Engineer. This role fueled his passion for information technology and allowed him to witness various IT interactions, interventions, and troubleshooting processes.

Taking advantage of this opportunity, Harrison began to develop his skills in IT alongside his engineering background. He obtained the Cisco Certified Network Associate certification even before his graduation from the national youth service program. Impressed by his performance, Telnet Nigeria Ltd. decided to retain his services as a Network Support Engineer, and he continued working for the company after completing his national youth service.

Within Telnet, Harrison expanded his knowledge in information technology, focusing on networking and network technologies at a subsidiary called iTECO. He thereafter joined a new company, Reddington Nigeria Ltd, a VAD (Value Added Distributor), as the Cisco Pre-sales Engineer. This opportunity exposed him to sales, marketing, contract closure, partner management, and contract management, which significantly enhanced his customer engagement, people management skills and business acumen.

During his time with Reddington Nigeria, where he worked on various projects and prospects, Harrison received another career opportunity to join Airtel Nigeria Ltd., a telecommunication company, as an IT Security Specialist, shifting his focus from networking to security. This role exposed him to the Airtel Group’s practices and further expanded his experience in the telecommunications industry.

He began working for IBM in 2011 as a manager of infrastructure and network security. He took on responsibility for networking and security components while supporting multiple projects at IBM. Driven by his will to improve his abilities, experiences, and knowledge as well as his willingness to take on new responsibilities for more value creation, Harrison's career kept developing.

This drive led him to pursue a Master’s Degree in Project Management, enabling him to contribute more effectively to major regional projects at IBM.

In pursuit of his passion for organizational transformation and digitalization, Harrison seized an opportunity to join UBA Plc – a major Pan African Bank, as the pioneer Head of their Enterprise Security Division. During his tenure, he focused on building security standards and architecture and implementing measures to mitigate cyber-attacks and fraud. His expertise in technology management, practices, and regulations played a crucial role in driving UBA’s digital and cyber defense transformation.

As his career progressed, Harrison continued to acquire knowledge, experiences, and skills to stay ahead. He pursued additional master’s degrees, this time focusing on security, management and cloud technologies. Recognizing the potential of cloud adoption, he delved into cloud security and cloud technology to ensure well-informed decision-making.

Driven by a desire to remain a transformational leader, he pursued a Ph.D. in Management, Leadership, and Organizational Strategy at Walden University. This advanced degree equipped him with the necessary tools to drive organizational transformation and maximize opportunities for value creation at scale.

Transforming Individuals and Organizations

Many challenges have been encountered and addressed in college, leading to personal transformation for numerous individuals. Harrison has played a role in transforming those who work with him. Additionally, he has spoken at various regional, local, and global conferences, even participating in major conferences as a speaker, panelist, or moderator.

However, the focus remains on acquiring sufficient relevant knowledge and understanding of the terrain and potential threats to effectively mitigate cyber risks and related threats while maximally promoting and protecting the business aspirations. In terms of cybersecurity and its associated concerns, Harrison offers unique selling propositions, precautionary measures, and comprehensive systems to ensure the protection of both customers and clients. Harrison championed the development of intricate systems, architectures, and strategies to continue serving all customers with minimal exposure to risks. Records show that necessary steps are being taken to safeguard the customers and maintain their satisfaction.

Harrison's Guide to Navigating Cyber Risks

In the world of managing cyber risks, Harrison is a leading expert. He wants us to know that dealing with cyber risks is an ongoing journey, not a one-time project. He knows a lot about this topic and makes it easy to understand.

Harrison says that cyber risks are not just about a company’s reputation. They are about protecting important assets, adopting enriching practices, and stopping threats by effectively defending against cyber threats. To make a good plan for cyber risks, he says you need to know what your business is about. This will improve the chances of finding and protecting important assets like systems, people, contracts, ideas, and partnerships. Harrison also talks about how even if you use products and services without knowing who made them, you still need to keep them safe by applying your personal cyber hygiene practices. He doesn’t only talk about cyber risks. He also talks about other problems like fraud and weak systems.

When something goes wrong, he has ideas on how to fix it. He talks about using a technique called heat mapping to understand the state of the ecosystem, categorize the issues, and understand what to fix first. He also wants companies to plan for the short, medium, and long-term to keep getting better. Harrison says we shouldn't ignore old problems when we face new ones. Every vulnerability should be tracked until closure is validated.

Most importantly, he wants us to know that dealing with cyber risks is always changing and challenging. We need to pay attention and be ready to protect our businesses consistently and continuously.

Understanding Business and Cybersecurity

Harrison knows a lot about how business and cybersecurity work together. He says each business is different, so their cybersecurity plans and practices should be too.

Harrison talks about different ways businesses work, like people working from home, on their phones, or pursuing different business aspirations. He says we need to hire the right people and be careful, and that we should have good practices and follow them.

Technology is a big part of cybersecurity, and he knows it. He wants us to protect things like computers, networks, and data centers. We need to be careful with data and control who can access them.

Training is important. People need to know what to do to stay safe. And when something bad happens, we need a plan to fix it. We also need to talk to the public if something goes wrong. Hiring other companies to help when necessary is advisable, but we need to make sure they fit our business and keep control in-house, says Harrison.

Making a Big Impact

Harrison has proven himself to be a valuable asset to both individuals and businesses, bringing a lot of practical benefits.

His impact is evident in various aspects of life. Moreover, through his extensive LinkedIn network, he generously shares his valuable knowledge with the community, engaging in events and collaborations. His involvement in cybersecurity rule-making groups highlights his commitment to the industry’s growth.

Harrison earned the title of “CISO of the Year” in a certain region of Africa, a fact he keeps humble and private. His intelligence shines through in real-life scenarios, such as thwarting cyber-attacks originating from different countries. His actions are driven by importance rather than awards, underscoring his genuine nature.

Harrison’s top advice involves thorough planning and continuous learning. He’s adept at setting ambitious objectives and gleaning insights from them. His aspiration is for people to be well-prepared for fresh opportunities and the challenges they bring.

Great Advice from Harrison

Harrison frequently gets asked about becoming a Chief Information Security Officer (CISO). He stresses the significance of acquiring the right skills and being open to continuous learning.

According to him, it’s essential not to solely focus on the job title. Instead, he recommends gaining a strong grasp of cybersecurity, especially in the realm of infotech. This broader knowledge equips individuals to handle various tasks, not just one. Harrison advises creating a skill checklist and working on acquiring those skills. This approach enhances capabilities and the overall job performance.

In addition, he discusses the benefits of setting up a personal home lab. He sees this not only as a practical endeavor but also as a means of continuous learning. He believes that ongoing education is crucial for personal improvement and knowledge enrichment. His concepts carry substantial value and extend aid to numerous individuals and businesses.

Dedicated Pursuit of Personal and Professional Excellence: A Glimpse of Harrison's Achievements

Throughout his journey of personal and career growth, Harrison has dedicated himself to a diverse range of courses that have enriched his knowledge and skill set. These courses span across various domains, each contributing to his expertise and commitment to continuous improvement:

1. Accounting & Finance
2. Business Economics
3. Computer Application / Information Technology
4. Contract Law
5. Cost Management
6. Design Management
7. Development Economics
8. Effective Presentation and Communication Skills
9. Human & Industrial Relations
10. Industrial & Labour Law
11. Nature & Content of Project Management
12. Negotiation
13. Organisational Behaviour
14. Procurement Methods
15. Quantitative Methods & Simulations Studies
16. Resource Management
17. Research Methodology and Project Report
18. Time Management

These comprehensive courses not only showcase Harrison’s commitment to learning but also his determination to excel in various facets of the ever-evolving fields of technology, management, and cybersecurity.

Hiring the right individuals and conducting thorough background checks are crucial cybersecurity measures. Insider risks pose a considerable threat, and organizations must be cautious about who they bring into their teams.

Honors and Awards – Harrison’s drive for excellence hasn't gone unnoticed, as he has received multiple honors and awards for his contributions and achievements:

• 9 Commendation Letters for Various Exceptional Contributions Towards the Achievement of the Bank’s Business Aspirations, Issued by UBA PLC.

• IBM Manager’s Choice Award, Issued by IBM · Dec 2013

• Award for Excellent Service Delivery, Issued by Hamid Husain: Chief Information Officer, ZAIN Nigeria. Jan 2009

• Award for Excellent Service Delivery, Issued by John Ayo: Chief Information Officer, Celtel Nigeria Ltd. Mar 2008

• CISO of the Year Award - Finnovex West Africa Awards, 2022

• FirstBank Hero Award - FirstBank Annual Merit Awards, FAMA 2020, 2022

These accolades reflect not only his dedication but also his tangible impact on the organizations he has been a part of. Harrison's journey is characterized by a relentless pursuit of knowledge, an unwavering commitment to excellence, and a profound impact on the organizations he has served. His achievements, both in terms of educational pursuits and professional recognition, stand as a testament to his passion and determination in the fields of technology, cybersecurity, and management. There are many more highlights on Harrison Nnaji’s LinkedIn profile.

Testimonials from Professionals who have worked with Engr. Harrison Nnaji, Ph.D.

Jacxine Fernandez - VP of Information Security at Bangalore International Airport Ltd.:

“I had the privilege of working closely with Harrison during the West Africa IT LAN Zoning project for Airtel. Harrison’s attention to detail, technical expertise, and exceptional project management skills were instrumental in the project’s success. He not only troubleshooted effectively but also sought continuous improvement, demonstrating his commitment to excellence. Harrison's well-rounded professionalism makes him an asset to any organization.”

Uchechukwu Ngonebu - Project Director at Huawei:

“Having worked with Harrison, I can confidently say he’s a highly detailed professional, particularly in Network & IT Security Management. His deep knowledge of internetwork platforms is a significant asset to any company he collaborates with.”

Fred Ekete - Lead, Quality Assurance and Tools at Airtel Nigeria:

“Throughout my interactions with Harrison over the past 7 years, I have found him to be transparent, diligent, and honest, and his integrity is commendable. I wouldn't hesitate to recommend him to any organization that values these qualities.”

Sunny Birdi - Entrepreneur:

“Harrison's dedication during the IBM/Airtel partnership was exceptional. He demonstrated a multi-skilled and forward-thinking approach, effectively managing both internal and external stakeholders. His business acumen and leadership skills are highly commendable. Harrison is undoubtedly a 5-star player, and I wholeheartedly recommend him.”

Embracing the Joy of Turning Around Struggling Ventures and Constantly Striving for Improvement!

Think about a time when you faced a formidable challenge. Did you not emerge from that experience stronger, wiser, and more resilient? Challenges have an incredible capacity to foster personal growth. They compel us to delve into our inner resources, tap into our creativity, and discover strengths we might not have known existed. "Can a business truly thrive without facing and overcoming challenges? Is there joy in smooth sailing, or is it in the storm that we discover our true capabilities?"

These are the questions that resonate with James Tewes, a seasoned professional whose passion lies not in the comfort of well-established enterprises but in the thrill of turning the tides for struggling businesses.

As the Chief Information Security Officer at Greengage, he embodies the spirit of transformation. He shares, "I often honestly have found enjoyment in all the sectors that I have worked in, but it must involve a challenge. Coming into a business that is already working and functioning well does not interest me." For him, the allure lies in the prospect of revitalizing a struggling enterprise, whether it's addressing aging infrastructure, modernizing security measures after an audit reveals vulnerabilities, or even building a business from the ground up.

The heart of James's professional satisfaction lies in the process of turning a business around and adding substantial value. "What makes me happy and gives me the reason to get up and work is when I can turn a business around and add considerable value," he emphasizes.

Never content with merely meeting the requirements, he is known for seeking opportunities to enhance both himself and the projects he undertakes. His approach is structured and methodical, and goes beyond the ordinary. "I have never been someone who was happy simply to do what was needed and no more. I would always look for ways to improve both myself and the project or environment that I am working on," he notes.

Constantly refreshing his skills and delving deep into the products he works with, James exemplifies a commitment to excellence and a relentless pursuit of improvement. His journey at Greengage is not just about securing information; it's about fortifying businesses, navigating challenges, and turning adversity into triumph. In the world of business alchemy, he is the maestro orchestrating the transformation of challenges into opportunities.

Below are the interview highlights:

Could you please elaborate on Greengage and its inception story?

Greengage is a digital finance pioneer that provides a platform of relationship-based e-money account services to SMEs, high-net-worth individuals, and digital asset firms to the highest ethical, secure, and compliance standards. Alongside our account services, we provide clients access to a B2B lending platform offering digital sources of money. Our tailored services are delivered by people, empowered by technology.

Greengage was founded in 2018, and we now have over 30 staff and excellent client feedback. We embrace new technology in digital assets and our core proposition as a means to add value to our clients in their day-to-day endeavors.

Through Founder’s Eyes:

Sean Kiernan is the Founder and CEO of Greengage, and they set up the firm with a view to building a service-led organization to support our clients in navigating the bridge between traditional financial services and digital innovation. Sean has extensive experience in financial services, having worked in various executive management positions. He founded Greengage after working at the first bank in the world to offer crypto products to clients, Falcon Private Bank, where he served as the COO and interim CEO of the London operation until he left to establish Greengage. Prior to that, he held management positions at Clariden Leu, a division of Credit Suisse, and Zurich Financial Services. Mr. Kiernan has an MBA from the University of St. Gallen and a BSc from Georgetown University.

Can you summarize your 28 years of experience in infrastructure and cybersecurity, emphasizing key achievements?

Throughout my career, which began at the age of 17, I've had the privilege of working for esteemed companies and collaborating with exceptional colleagues on exciting and challenging projects. Notably, a few milestones include:

London 2012 Olympics and Paralympics: Working on this project was a unique privilege. The high visibility and pressure during this global event required quick learning and problem-solving. I identified and resolved environmental issues promptly, ensuring a smooth operation of the infrastructure during the live games, which had a global viewership exceeding 3 billion.

The project involved managing over 10,000 servers and workstations and 8,000 users, spanning static core infrastructure and dynamic event locations. Teams worked around the clock, addressing critical changes and fixes during the live games and executing planned changes at night to prepare for the following day's events.

British Petroleum (BP): At BP, a significant achievement was contributing to the data center consolidation project. This involved building primary and secondary data centers in London and decommissioning all European data centers. My role in building the initial core server infrastructure facilitated the migration of approximately 40,000 servers, significantly reducing the physical server footprint through virtualization.

Harrods Bank: Initially hired as a consultant for infrastructure refresh, I played a crucial role in understanding and migrating legacy systems. Working in the complex environment of the banking sector, I contributed to scaling up the bank's staff and systems, witnessing a 400% increase in size. My focus on security remained paramount throughout, ensuring a seamless migration and ultimately leading to the bank's sale to a challenger bank.

Sonali Bank: After joining as a security consultant, I addressed gaps highlighted in an external cybersecurity audit. Implementing the necessary security layers significantly improved the bank's security posture. Taking over the IT department, I crafted an 18-month roadmap, modernizing the infrastructure and leaving the bank in an enhanced and secure state.

In each role, my commitment to learning, problem-solving, and prioritizing security has been central to achieving successful outcomes.

Among the financial, Oil & Gas, Sports, Manufacturing, and Government sectors, which presented the most unique challenges, and how did you address them?

In the financial sector, I've experienced challenges that are particularly daunting due to the intricate technologies and customized nature of products. Security measures must be meticulously implemented to protect the environment and clients, while strict adherence to regulations is paramount.

Successfully overcoming these challenges hinges on a profound understanding of products, configurations, and security measures at the granular level. Thorough planning and end-to-end testing, including robust rollback plans, are essential. Involving banking teams in testing is critical, as relying solely on IT can lead to significant oversights. Testing must cover all possible scenarios, accounting for the varying activities banks conduct hourly, daily, weekly, and monthly. Failure to test comprehensively can result in seemingly successful upgrades that reveal issues days or weeks later. In the financial industry, any failure in upgrades or system changes can lead to substantial financial and customer repercussions, causing severe reputational damage to the business. Major outages are often attributed to inadequate testing and a failure to test rollback procedures thoroughly.

Can you share an example of effectively communicating a complex technical issue to stakeholders at different business levels?

In my experience, effective communication within a business requires tailoring your message to the audience's varying levels of understanding. Particularly in IT, where technical proficiency can differ widely, it's crucial to focus on the business impact, necessary actions for resolution, and the implications of inaction. By emphasizing these aspects and presenting with confidence, I've noticed increased buy-in from the business. It's essential to avoid overly technical discussions, as executives may disengage, leading to resistance against proposed changes.

For instance, in a scenario involving a financial institution, I needed to upgrade and replace key payment gateways to enhance resilience. Despite initial doubts from my direct management about securing funding, I successfully engaged with the bank's leadership. I provided a high-level rationale for the work, offering a straightforward technical overview that resonated with all levels of understanding. This approach proved successful in obtaining the required funding and steering the project to completion.

Can you highlight a successful implementation of a cybersecurity solution that significantly improved an organization's security posture?

Working at Sonali Bank UK, I prioritized implementing a comprehensive MDR (Managed Detection and Response) solution as a vital defense measure. For smaller banks like ours, MDR covers essential components like a 24x7 SOC, SIEM, Vulnerability Scanning, Cloud Posture Management, and Endpoint management. Limited resources often expose smaller banks to vulnerabilities, making continuous monitoring crucial. In the financial sector, risk awareness isn't a 9-5 affair; it demands 24x7 vigilance. Any claim of complete security is unrealistic. As a CISO, honesty about potential threats is vital, and taking proactive steps to safeguard both the bank's and clients' data is paramount.

In your role, collaboration with third-party support and suppliers is crucial. How do you ensure effective partnerships and smooth integration with external entities?

Effective collaboration hinges on adeptly managing partnerships and workflows, a task contingent on the involved companies. Employing skilled project managers significantly influences workflow and change management. Establishing centralized communication points among companies is pivotal to ensuring prompt and efficient work execution. Collaborating with proficient, communicative, and adaptive companies enhances the overall experience.

However, encountering less cooperative entities poses challenges, impeding progress in implementations, changes, and bug fixes. The judicious choice of tracking tools proves vital for monitoring extensive workflows and task statuses and preemptively addressing potential issues, facilitating collaborative problem-solving and timely resolution.

Reflecting on your career, what accomplishment or project are you most proud of, and how did it positively impact the businesses you worked with?

I would say my current role as CISO of Greengage is one of my proudest. While I have enjoyed many projects at various companies, at Greengage we were in the fortunate position of building a financial institution environment from the ground up. This is a great challenge: having the ability to design the most optimal architecture using the most appropriate products for all infrastructure and security layers, rather than what often happens traditionally: inheriting the chosen products by historic teams, which may not be the right products for their purpose.

This enabled the business to successfully go live with its e-money offering and start onboarding its customers, which was a proud moment for the business and proves what can be achieved with the hard work of all the teams.

Measuring Cybersecurity Effectiveness

"The only truly secure system is one that is powered off, cast in a block of concrete, and sealed in a lead-lined room with armed guards." In the ever-evolving landscape of cybersecurity, where threats loom large and technology advances at a rapid pace, the quote by Gene Spafford resonates with a certain irony. Achieving absolute security is an elusive goal, but that doesn't mean cybersecurity efforts are in vain. Instead, it underscores the importance of measuring cybersecurity effectiveness to enhance resilience and response. How do we evaluate the efficacy of our cybersecurity measures? What metrics provide meaningful insights into our defenses?

In this article, we delve into the crucial realm of measuring cybersecurity effectiveness, aiming to navigate the complexities of securing our digital landscapes.

Understanding Cybersecurity Effectiveness

At the heart of any robust cybersecurity strategy is the fundamental question: How effective are our security measures? Cyber threats are dynamic and multifaceted, ranging from sophisticated malware and phishing attacks to zero-day vulnerabilities. In this environment, a proactive and adaptable approach is necessary, and that's where measuring cybersecurity effectiveness becomes imperative.

Effectiveness in cybersecurity is not a one-size-fits-all concept. It encompasses various dimensions, including prevention, detection, response, and recovery. The goal is not only to prevent breaches but also to minimize the impact when preventive measures fall short. It involves creating a layered defense strategy that combines technology, policies, and user awareness.

Key Metrics for Measuring Cybersecurity Effectiveness

Incident Detection Time:

• Metric: Mean Time to Detect (MTTD)

• Significance: MTTD measures the average time it takes to identify a security incident from the moment it occurs. A lower MTTD suggests a more efficient detection process, enabling quicker responses to potential threats.

Incident Response Time:

• Metric: Mean Time to Respond (MTTR)

• Significance: MTTR measures the average time taken to respond to and mitigate a security incident once detected. A swift response is crucial for minimizing the impact of a breach and preventing further damage.

False Positive Rate:

• Metric: Percentage of False Positives

• Significance: While detection is essential, too many false positives can overwhelm security teams and lead to alert fatigue. A lower false-positive rate indicates more accurate threat detection, allowing teams to focus on genuine risks.

Vulnerability Patching Time:

• Metric: Time to Patch Vulnerabilities

• Significance: Timely patching of vulnerabilities is critical to closing potential entry points for attackers. Monitoring and reducing the time it takes to patch known vulnerabilities enhances the overall cybersecurity posture.

Phishing Resilience:

• Metric: Phishing Click Rate

• Significance: Phishing attacks remain a common entry point for cybercriminals. Measuring the rate at which users click on phishing links provides insights into the effectiveness of awareness training and the overall security culture.

User Education Effectiveness:

• Metric: Training Completion Rates

• Significance: Educating users on cybersecurity best practices is essential. Monitoring training completion rates helps gauge the effectiveness of educational programs and identifies areas for improvement.

Endpoint Protection:

• Metric: Endpoint Detection and Response (EDR) Effectiveness

• Significance: Endpoints are frequent targets for attacks. Evaluating the effectiveness of EDR solutions in detecting and responding to threats at the endpoint provides a crucial layer of security.
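The first three metrics above (MTTD, MTTR and the percentage of false positives), computed from triaged alert records, as an added example that is not part of the original article. The record fields, the sample alerts and the choice to leave false positives and still-open incidents out of the averages are assumptions of this sketch.

```python
"""MTTD, MTTR and false-positive rate from alert records (all data constructed)."""
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional


@dataclass
class Alert:
    alert_id: str
    occurred: Optional[datetime]  # start of the activity, established during triage
    detected: datetime            # when the alert fired
    resolved: Optional[datetime]  # when mitigation finished; None = still open
    true_positive: bool           # analyst verdict


def _hours(start: datetime, end: datetime) -> float:
    return (end - start).total_seconds() / 3600


def mttd_hours(alerts: List[Alert]) -> Optional[float]:
    """Mean Time to Detect: occurrence -> detection, confirmed incidents only."""
    spans = [_hours(a.occurred, a.detected)
             for a in alerts if a.true_positive and a.occurred is not None]
    return sum(spans) / len(spans) if spans else None


def mttr_hours(alerts: List[Alert], include_false_positives: bool = False) -> Optional[float]:
    """Mean Time to Respond: detection -> mitigation, closed records only.

    Counting quickly closed false positives drags the mean down and makes the
    response process look faster than it is, so they are excluded by default.
    """
    spans = [_hours(a.detected, a.resolved)
             for a in alerts
             if a.resolved is not None and (a.true_positive or include_false_positives)]
    return sum(spans) / len(spans) if spans else None


def false_positive_rate(alerts: List[Alert]) -> Optional[float]:
    """Percentage of triaged alerts that were not real incidents."""
    if not alerts:
        return None
    return 100.0 * sum(1 for a in alerts if not a.true_positive) / len(alerts)


def open_incidents(alerts: List[Alert]) -> List[str]:
    """Confirmed incidents with no mitigation yet: invisible to MTTR, so report them."""
    return [a.alert_id for a in alerts if a.true_positive and a.resolved is None]


T = datetime  # shorthand for the constructed sample below
SAMPLE = [
    Alert("A-1", T(2024, 1, 2, 8), T(2024, 1, 2, 12), T(2024, 1, 2, 18), True),
    Alert("A-2", T(2024, 1, 5, 0), T(2024, 1, 6, 0), T(2024, 1, 6, 12), True),
    Alert("A-3", None, T(2024, 1, 7, 9), T(2024, 1, 7, 9, 30), False),
    Alert("A-4", T(2024, 1, 9, 10), T(2024, 1, 9, 12), None, True),
    Alert("A-5", None, T(2024, 1, 10, 14), T(2024, 1, 10, 15, 30), False),
]

if __name__ == "__main__":
    print("MTTD (h):", mttd_hours(SAMPLE))
    print("MTTR (h):", mttr_hours(SAMPLE))
    print("MTTR incl. false positives (h):", mttr_hours(SAMPLE, include_false_positives=True))
    print("False positives (%):", false_positive_rate(SAMPLE))
    print("Open incidents:", open_incidents(SAMPLE))
```

On the sample data the mean response time nearly halves when false-positive closures are counted, which is why the population behind each average should be stated alongside the number.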

Challenges in Measuring Cybersecurity Effectiveness

Despite the importance of these metrics, measuring cybersecurity effectiveness comes with its own set of challenges. The dynamic nature of cyber threats, the evolving technology landscape, and the increasing sophistication of attackers make it challenging to establish static benchmarks. Additionally, the interconnectedness of systems and the sheer volume of data generated pose difficulties in discerning meaningful patterns.

Moreover, the intangible nature of successful cyber attacks—particularly those prevented—complicates the assessment process. How can one measure the absence of a breach? It requires a shift in mindset from merely counting successful attacks to evaluating the effectiveness of proactive measures in thwarting potential threats.

A Comprehensive Approach to Cybersecurity Effectiveness

To address these challenges, organizations must adopt a comprehensive approach to measuring cybersecurity effectiveness. This involves integrating quantitative metrics with qualitative assessments, leveraging technology, and fostering a culture of continuous improvement.

• Risk-Based Metrics: Develop metrics that align with the organization's risk appetite. Focus on measuring the effectiveness of controls that directly mitigate high-impact risks.

• Continuous Monitoring: Implement continuous monitoring systems to track real-time security metrics. This allows for immediate responses to emerging threats and provides a more accurate reflection of the current security posture.

• Red Team Exercises: Conduct regular red team exercises to simulate real-world attack scenarios. These exercises help evaluate the effectiveness of both preventive and responsive measures in a controlled environment.

• Collaborative Threat Intelligence: Engage in information sharing and collaborative threat intelligence efforts with industry peers. This collective approach enhances the ability to identify and respond to emerging threats more effectively.

• Security Awareness and Training: Emphasize the human element by investing in ongoing security awareness and training programs. Measure the impact of these programs on user behavior and the overall security culture within the organization.

Conclusion

Metrics are valuable indicators, but they should not be the sole focus. Cybersecurity effectiveness is a holistic concept that involves people, processes, and technology working in tandem. While metrics provide quantifiable insights, qualitative assessments, adaptive strategies, and a commitment to continuous improvement are equally essential.

As Gene Spafford's quote suggests, achieving absolute security might be an unattainable goal, but the journey toward it is marked by resilience, adaptability, and a commitment to staying one step ahead of the ever-evolving threat landscape. In measuring cybersecurity effectiveness, organizations not only safeguard their digital assets but also fortify their ability to thrive in an interconnected and unpredictable cyberspace.

- Alaya Brown

Championing Privacy, Inspiring Change, and Nurturing the Future!

In a world dominated by Gen Z, where our lives are increasingly lived online, from social media interactions to online purchases, each digital engagement contributes to what has come to be known as our "digital footprint." This footprint is essentially a trail of personal data points that collectively paint a vivid picture of who we are, what we like, and how we direct the digital landscape. While this information can be harnessed for targeted advertising or improved user experiences, it also raises concerns about the extent to which individuals have control over their own data.

Sawan Joshi emerges as a stalwart defender, donning the mantle of Chief Information Security Officer at Mitiga Solutions & The Privacy Business Group Ltd.

Sawan's journey into information security was not just a career choice; it was a calling fueled by a profound sense of responsibility. Inspired by the digitization of data, he recognized the transformative power of technology in shaping our lives. Simultaneously, he was drawn into the industry by the alarming surge in cybercrimes, each one a stark reminder of the vulnerabilities of our interconnected world.

Given a stage to speak about protecting people, Sawan's message is clear and concise. In a world where data is both the lifeblood of progress and the target of malicious intent, he advocates for a collective responsibility to safeguard privacy. As the CISO, his mission extends beyond securing data; it's about empowering individuals to take well-informed actions in their roles as guardians of digital sanctuaries.

Behind the title of Chief Information Security Officer lies the role that truly defines Sawan—being a father. As a parent to quadruplet children, he draws inspiration from their innocence and envisions a future where digital landscapes are resilient and secure. For him, the responsibility of protecting not just his own family but the global digital community adds depth and urgency to his mission.

Sawan Joshi is not just safeguarding the present; he's architecting a resilient future. His role extends beyond the corporate corridors to the heart of family life. By instilling the importance of privacy and security in his children, he's shaping a generation that understands the value of digital trust and the significance of safeguarding data.

In an age where information is power, Sawan's advocacy for privacy and security becomes not just a professional responsibility but a profound commitment to the well-being of individuals and generations to come.

Below are the interview highlights:

Could you please brief us about Mitiga Solutions and its inception story?

Founded in 2018, Mitiga Solutions is a science-based climate risk intelligence company that helps organizations understand their exposure to climate risk to make well-informed decisions and protect their assets.

Can you share your journey in the fields of information security, IT operations, and data protection, highlighting key milestones in your 15-year career?

Over the past 15 years, we have seen many acquisitions, mergers, and even divestitures, and my career has been loaded with this topic. With over 10 acquisitions under my belt, I supported my employers with complex scenarios where global offices are in scope and provided solutions from technological capabilities that have come from highly available private and public clouds and the way replication solutions can allow for data integrity and collaboration. It was important to provide agile and adaptive solutions during these initiatives.

Some key highlights during my career were building information security and operations for London Luton Airport, a highly regulated essential services provider that needed a balanced blend of internal and external security that not only protected digital systems but also provided monetization opportunities through physical security technologies inside the airport facilities.

Over the years, I leveraged the opportunity to network at the board level. This level of communication was a very exciting area for me, as it built my own career confidence through the validation it received. I would always bring well-prepared information to a meeting to validate having a place at such meetings, and it was important that I knew it so well that I could articulate it in that meeting to keep stakeholder interest. This always meant keeping the focus on why my points mattered in the first place.

During my role at FirstPort Ltd., which is the UK's largest property management company and now a global organization that has set out to grow by acquisition at a rapid pace, protecting the executive leadership team's interests was vital, as was ensuring impartial facts reached the board. To do that, strategic alignment was key, and to ensure that as we completed these acquisitions, the risks that were taken on by the acquired company were going to be managed with trusted eyes and that clear sight of what they were was shared before closing the investment.

To do that, I created a repeatable acquisition capability that could be applied each time, which led to success in my role, and new risks were processed into the security roadmap.

To do that, ensuring technologies that can scale with simplicity was vital, as was having the internal and external people on board to make it happen. I have often found that it is not the size of the team but the capability of the team that counts most.

To sum up, some highlights of my data protection experience are not sector-specific. As I grew my experience and continued to top up my knowledge, which is constantly part of the territory, I was able to tailor and adapt it to any organization type once I understood the business and what applied to them first.

This has become my personal repeatable strategy, which has now been applied to an airport, a global sports retail company, the UK's number one charity for dogs, multiple financial services companies, and now 2 climate tech companies. These have become adventures I love to tell my network and specifically my children as they grow up and begin to understand that working for who you want is going to have a better chance of happening if you empower yourself with a career strengthened by knowledge, and if you know it well, you can explain it well.

In your current role as the Chief Information Security Officer at Mitiga Solutions, what strategic initiatives have you implemented to enhance information security within the organization?

The time to act against the risks our world faces from climate change is now; it cannot be an afterthought, and within the public and private sectors, we have an opportunity to take steps that make an impact now. It all starts with taking a 360-degree look at all prospects and what matters to them. This means customers, partners, and investors now and in the future. Building a strategic roadmap along with laws and regulations that are within scope and will build trust in the supply chain is essential.

I articulate a roadmap like this as protection around people, platforms, and processes that can provide balanced protection of assets and support revenue generation through independent validations. These are how we make sure we can be relied on to score highly in trust scores with our privacy-by-default design business architecture.

In these pillars, what that would look like is to ensure we put a layered defense around people to ensure we protect their identity with multiple factors, plus the additional layers that include anomaly detection for those sign-ins, such as impossible travel metrics and user behavior analytics to detect deviations from normal interactions and data manipulations.

Additionally, on platforms, it is vital to implement a clear, transparent view of all these activities once an identity has been validated to ensure trust, but verification is constant and any adverse interactions and activities across platforms are quickly identified so we can take response actions.

The third pillar is to build robust capabilities around processes through top-down governance and ensure we have data protection compliance and business continuity, with disaster recovery baked right in. That is how you become breach-ready so that an adverse incident becomes an operational metric to track and continuously improve on and not a business-hindering aftermath.

This does not mean going out and purchasing all the latest security technologies that cover the acronyms that are constantly evolving as buzzwords in the broad offerings of many solution providers, but this means ensuring financial stewardship is at the heart of a roadmap like this and that investments are of low complexity and cost, thus achieving understandable security by design. As a business leader, that is important.

At The Privacy Business Group Ltd., how did you contribute to the development of privacy strategies? What were the key challenges you faced in this role, and what is TriStep.io?

As I found my approach to applying privacy and security strategies to any sector successful, I realized I wanted to apply this to more companies and reflected on my experience with large enterprises vs. the challenges startups face as they try to do business with large enterprises. I wanted to take my experience from both sides into making those public and private business partnerships simpler to put together, trustable by validation, and successful in their ability to last.

That is when I decided to form The Privacy Business Group Ltd., but my goal was not to focus on traditional advisory services. Today, not many organizations want a 5-year plan sold to them in an interview; they want objectives and key results measured quarterly, and I want to bring the capability to help organizations have a low-level touch from an advisory and to easily gain access to software that is not only low-cost but will give a 3-step plan to risk and sustainability frameworks that will help them mind their own posture. That is why I founded TriStep.io, which is a risk and sustainability framework platform that will be available for everyone in January 2024.

Could you share insights into the significance of the certifications you obtained?

These qualifications offer very relevant future-proof value and offer a complex path to obtain them, which is part of the achievement; after all, the easy options are never of the most value.

The qualifications from IAPP, ISC2, and ISACA offer continuous professional development systems to keep the certification valid for a fee, and participation keeps continuous learning on track and your initial investment in place.

It is important to know the operating cost of achieving and maintaining certifications when deciding how much to work for in salary or self-employment and to take that into account when running your own career. My view is that no employer should run your career; it is important to drive that yourself.

Addressing Insider Threats in Cybersecurity for CISOs

The greatest danger to our cybersecurity often lurks within our own walls. How can CISOs effectively address insider threats and safeguard their organizations?

Cybersecurity has become a cornerstone in protecting organizations from an ever-expanding array of threats. While external threats like hackers and malware often grab the headlines, the significance of insider threats cannot be overstated. Insiders, whether intentionally malicious or unwittingly negligent, pose a substantial risk to an organization's sensitive data and digital infrastructure. For Chief Information Security Officers (CISOs), the challenge lies in navigating this complex landscape to secure their organizations from within.

Understanding Insider Threats

Insider threats can manifest in various forms, from employees with malicious intent seeking financial gain or revenge to well-meaning staff who inadvertently compromise security through negligence. In fact, a 2021 Insider Threat Report found that 68% of organizations feel vulnerable to insider attacks. This underscores the urgency for CISOs to adopt a comprehensive approach to address this multifaceted challenge.

The first step in tackling insider threats is acknowledging that they exist. No organization is immune, regardless of its size or industry. As a CISO, it's imperative to cultivate a culture of cybersecurity awareness within the organization and foster an environment where employees understand the potential risks associated with their actions.

Building a Culture of Cybersecurity Awareness

How can you expect your employees to safeguard your organization if they don't understand the value of the information they're protecting? Creating a culture of cybersecurity awareness starts with education. Regular training sessions and workshops should be conducted to keep employees informed about the latest cybersecurity threats, including the potential impact of insider threats. This education should extend beyond the IT department to reach all levels of the organization. When everyone understands the risks, they are more likely to actively contribute to the organization's cybersecurity efforts.

Additionally, implementing strong access controls and monitoring mechanisms is essential. Limiting access to sensitive information on a need-to-know basis reduces the likelihood of unauthorized or unintentional data exposure. Regularly reviewing and updating access permissions, especially when employees change roles or leave the organization, is crucial to maintaining a secure environment.

Implementing User Behavior Analytics

It's not just about what people do, but how they do it. Understanding user behavior is key to detecting potential insider threats before they escalate.

User Behavior Analytics (UBA) plays a pivotal role in identifying anomalous activities that may indicate insider threats. By establishing a baseline of normal user behavior, security systems can detect deviations that may signal a potential security risk. For example, sudden access to sensitive data by an employee who has never accessed it before or irregular login times can trigger alerts for further investigation.

CISOs should leverage advanced technologies, such as machine learning algorithms, to enhance the accuracy of UBA. These technologies can analyze vast amounts of data and detect patterns that may elude traditional security measures. Investing in UBA not only strengthens an organization's defenses but also allows for more proactive threat mitigation.
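The two deviations named above, first-time access to sensitive data and irregular login times, checked against a per-user baseline. This is an added example, not part of the original article: a simple rule-based baseline rather than a machine learning model, and the event format, user and resource names and the one-hour tolerance are all constructed assumptions.

```python
"""Rule-based user-behavior baseline and deviation check (all data constructed)."""
from collections import defaultdict
from datetime import datetime

# Constructed resource names treated as sensitive in this example.
SENSITIVE = {"hr-payroll-db", "finance-share"}

# Constructed events: (ISO timestamp, user, action, resource)
HISTORY = [
    ("2024-03-04T08:55:00", "alice", "login", "-"),
    ("2024-03-04T09:10:00", "alice", "access", "wiki"),
    ("2024-03-05T08:40:00", "alice", "login", "-"),
    ("2024-03-05T10:02:00", "alice", "access", "crm"),
    ("2024-03-06T09:05:00", "alice", "login", "-"),
    ("2024-03-04T22:30:00", "bob", "login", "-"),
    ("2024-03-04T22:45:00", "bob", "access", "hr-payroll-db"),
    ("2024-03-05T23:10:00", "bob", "login", "-"),
    ("2024-03-07T00:05:00", "bob", "login", "-"),
]
TODAY = [
    ("2024-03-11T09:05:00", "alice", "login", "-"),
    ("2024-03-11T09:20:00", "alice", "access", "hr-payroll-db"),  # never touched before
    ("2024-03-11T09:30:00", "alice", "access", "build-server"),   # new, but not sensitive
    ("2024-03-12T01:00:00", "bob", "login", "-"),                 # night shift, near usual
    ("2024-03-12T01:15:00", "bob", "access", "hr-payroll-db"),
    ("2024-03-12T03:10:00", "alice", "login", "-"),               # far from 08-09h
    ("2024-03-12T10:00:00", "carol", "login", "-"),               # no history at all
    ("2024-03-12T10:05:00", "carol", "access", "finance-share"),
]


def build_baseline(events):
    """Per-user profile: resources touched and hours of day at which logins occurred."""
    profiles = defaultdict(lambda: {"resources": set(), "login_hours": set()})
    for ts, user, action, resource in events:
        if action == "login":
            profiles[user]["login_hours"].add(datetime.fromisoformat(ts).hour)
        elif action == "access":
            profiles[user]["resources"].add(resource)
    return dict(profiles)


def hour_gap(hour, usual_hours):
    """Smallest distance on a 24-hour clock, so 23h and 01h are two hours apart."""
    return min(min(abs(hour - h), 24 - abs(hour - h)) for h in usual_hours)


def detect(baseline, events, tolerance_hours=1):
    """Return (user, reason, detail) tuples for events that deviate from the baseline."""
    alerts, unknown = [], set()
    for ts, user, action, resource in events:
        profile = baseline.get(user)
        if profile is None:
            # Nothing to compare against: report once instead of flagging every event.
            if user not in unknown:
                unknown.add(user)
                alerts.append((user, "no-baseline", ts))
            continue
        if action == "login":
            hour = datetime.fromisoformat(ts).hour
            usual = profile["login_hours"]
            if not usual or hour_gap(hour, usual) > tolerance_hours:
                alerts.append((user, "irregular-login-hour", ts))
        elif action == "access":
            if resource in SENSITIVE and resource not in profile["resources"]:
                alerts.append((user, "first-sensitive-access", resource))
    return alerts


if __name__ == "__main__":
    for alert in detect(build_baseline(HISTORY), TODAY):
        print(alert)
```

Bob's 01:00 login passes because the hour comparison wraps around midnight; a plain numeric comparison against his 22h to 00h history would raise a false positive for every night-shift user.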

Monitoring Privileged Users

With great power comes great responsibility, and privileged users are no exception. Monitoring their activities is a critical aspect of insider threat prevention.

Privileged users, such as system administrators and executives, have elevated access levels that make them potential targets or unwitting conduits for insider threats. CISOs must implement robust monitoring systems to track the activities of privileged users, ensuring that their actions align with their roles and responsibilities.

Regular audits and reviews of privileged user access logs can reveal any suspicious behavior or unauthorized access. This proactive approach enables CISOs to intervene promptly and mitigate potential threats before they escalate. Moreover, it sends a clear message that all users, regardless of their position, are subject to scrutiny to maintain a secure environment.

Establishing a Whistleblower Program

Sometimes, the most valuable insights come from within. Encourage employees to speak up if they notice anything amiss.

A whistleblower program provides employees with a confidential channel to report suspicious activities without fear of reprisal. CISOs should work in collaboration with HR and legal teams to establish a robust and anonymous reporting mechanism. This encourages a sense of shared responsibility for cybersecurity and can be an invaluable source of early detection for insider threats.

To ensure the effectiveness of the whistleblower program, it's essential to communicate its existence clearly and regularly. Employees should be informed about the importance of reporting any concerns promptly, emphasizing that their contributions play a crucial role in safeguarding the organization.

Responding to Insider Threat Incidents

Prevention is ideal, but preparation is imperative. Having a well-defined incident response plan is essential when addressing insider threats.

No cybersecurity strategy is foolproof, and insider threats may still occur despite the best preventive measures. CISOs must have a well-defined incident response plan in place to mitigate the impact of a potential breach swiftly.

The incident response plan should outline clear procedures for identifying, containing, and eradicating insider threats. This includes collaboration with the legal and HR teams to handle potential legal and personnel issues. Regularly testing and updating the incident response plan ensures its effectiveness when faced with the dynamic nature of insider threats.

Conclusion

In the realm of cybersecurity, the real challenge often lies not in the complexity of technology but in understanding human behavior. CISOs must address insider threats with a combination of technological solutions, cultural initiatives, and proactive measures.

As CISOs navigate the ever-evolving landscape of cybersecurity, addressing insider threats should remain a top priority. By building a culture of cybersecurity awareness, implementing advanced technologies like UBA, monitoring privileged users, establishing whistleblower programs, and having a robust incident response plan, CISOs can strengthen their organizations from within. The journey towards a more secure future begins by recognizing that the greatest threats may be those working within our own walls, and the key to success lies in a proactive and holistic approach to cybersecurity.

- Alaya Brown

A Journey of Compliance, Innovation, and ISO 27001 Certification in Healthcare Cybersecurity!

Is your data safe? A question echoing through the corridors of the digital age resonates with a sense of urgency and responsibility. In a world where information is the lifeblood of industries, it's crucial to have guardians at the helm. Meet Stuart Walsh, the vigilant guardian of digital fortresses, currently serving as the Chief Information Security Officer (CISO) at Blue Stream Academy Ltd.

Stuart's journey from a website designer to CISO reflects the evolving landscape of cybersecurity. As organizations, especially in sensitive sectors like healthcare, grapple with the escalating significance of data, Stuart's story mirrors this paradigm shift. His tenure commenced with expanded responsibilities in office management, a testament to his adaptability and foresight.

With the impending shadow of the General Data Protection Regulation (GDPR), Stuart recognized the need to fortify their defenses and showcase a robust commitment to data protection. The pursuit of ISO 27001 accreditation became a strategic move, a bold statement affirming Blue Stream Academy Ltd.'s dedication to safeguarding the integrity of information.

In the pivotal year of 2017, he stepped into the role of CISO, entrusted with the mission to establish and coordinate an Information Security Management System (ISMS). This system not only aligned with GDPR requirements but also laid the groundwork for ISO 27001 certification. His leadership became instrumental in navigating the complexities of compliance, ensuring that the organization not only met regulatory standards but surpassed them.

Below are the interview highlights:

Can you briefly describe your role as the Chief Information Security Officer (CISO) at Blue Stream Academy Ltd. and the primary responsibilities that come with it?

As the CISO at Blue Stream Academy Ltd., my role centers on safeguarding our information systems; my responsibilities encompass developing and implementing a comprehensive information security strategy that aligns with both our business objectives and the stringent regulatory demands of the healthcare industry. A key part of my job is managing risks associated with information security, which involves identifying potential threats, assessing vulnerabilities, implementing appropriate mitigation strategies, and ensuring compliance with ever-evolving legal and regulatory standards.

I lead the response to any security incidents, collaborate closely with various departments to ensure a unified approach to information security, and regularly communicate with senior management and stakeholders about our security posture and initiatives.

I also oversee the selection and management of security technologies and drive the development of cybersecurity training and awareness programs for all employees.


In your experience as a CISO, what do you consider the most challenging aspect of ensuring information security within a healthcare-focused organization?

The most challenging aspects of ensuring information security within a healthcare-focused organization are compliance and regulatory requirements.

The UK healthcare industry is obviously heavily regulated; ensuring that our organization meets these requirements and is aware of any changes in the law, the legal landscape, or best practices in data protection, particularly in the post-Brexit era, requires regular training and awareness programs for all employees as well as continuous monitoring and auditing of our data processing activities.

The burden of compliance can sometimes be disproportionately heavy; as such, it is especially important that I am able to foresee potential changes and ensure that our organization remains proactive rather than reactive in its compliance efforts and has the agility to adapt to changes in a way that aligns with both our legal obligations and operational realities.

How do you approach creating and implementing information security policies to align with the unique needs and regulations of healthcare organizations in the UK?

Understanding the specific needs and challenges of healthcare organizations is crucial when implementing information security policies. Our approach to creating and implementing these policies is a balanced mix of regulatory compliance, risk management, adaptability, collaboration, and education tailored to meet the specific needs of the UK healthcare industry.

In terms of regulatory alignment, the UK’s legal landscape for data protection and healthcare information security is guided primarily by the General Data Protection Regulation (GDPR), as incorporated into UK law post-Brexit, and the Data Protection Act 2018. These regulations set the baseline for our information security policies. To align our policies with these regulations, we conduct a thorough analysis of our data processing activities, assessing how data is collected, stored, used, and shared. This helps in identifying and mitigating risks and ensuring compliance with data protection principles.

Another key aspect is ensuring that our policies are not static; the healthcare sector and its regulatory environment are dynamic, with evolving challenges and legal requirements. Therefore, our policies are designed to be flexible and adaptable, with regular reviews and updates to reflect changes in technology, threats, and regulations.

Collaboration with healthcare organizations, stakeholder engagement, training, and awareness are also integral to our policy implementation.

Can you share an example of a significant security challenge you've faced in your role and how you successfully mitigated the risk while maintaining operational efficiency?

One of the most significant security challenges I have faced in my role as CISO, especially during the COVID-19 pandemic, was the rapid transition to remote work. This shift posed a unique set of risks, particularly for our organization, which provides online training and HR management platforms to healthcare organizations in the UK, where data sensitivity and privacy are paramount.

The primary challenge was ensuring that our employees could work from home securely without compromising the confidentiality, integrity, and availability of the sensitive data we handle. The risks were multifaceted, including increased vulnerability to cyber attacks, potential data breaches, and the challenge of maintaining compliance with stringent healthcare data protection regulations in a remote environment.

Mitigating these issues required enhanced VPN security, the securing of home networks, increased endpoint protection, improved data access controls, additional training, auditing and monitoring, and adaptation of our business continuity planning.

By implementing these measures, we were able to successfully mitigate the risks associated with remote work during the COVID-19 pandemic. Our team remained productive and efficient, and we ensured that the sensitive data we handled remained secure, maintaining the trust of our clients in the healthcare sector. This experience also provided valuable insights and preparedness strategies that have strengthened our overall information security posture.

With the constantly evolving landscape of cybersecurity threats, how do you stay informed about the latest trends and technologies to ensure Blue Stream Academy's information security measures remain robust?

Staying informed of the rapidly evolving landscape of cybersecurity threats is a critical aspect of my role as CISO. In an industry as sensitive as healthcare, it's imperative that our security measures are not just current but also forward-looking, which involves continuous learning and research, engagement with cybersecurity communities, attending conferences, exhibitions, and workshops, maintaining supplier relationships and industry partnerships, vulnerability assessments, and incident reviews.

Considering the sensitivity of healthcare data, how do you ensure compliance with relevant data protection laws, such as GDPR, and maintain a high standard of data privacy?

Our approach to compliance with data protection laws and maintaining data privacy involves a blend of ongoing legal understanding, risk management, policy implementation, staff training, technical safeguards, vendor compliance, incident preparedness, and transparent communication with data subjects. A thorough and continuously updated understanding of GDPR and other relevant regulations is essential; we conduct regular risk assessments and Data Protection Impact Assessments (DPIAs) to identify and mitigate potential risks in our data processing activities, aligning with GDPR's proactive risk management requirements.

We have established robust data protection policies and procedures, which are regularly reviewed and updated to ensure compliance with legal requirements.

Employee training and awareness are key; we regularly educate our staff on GDPR requirements, data breach recognition and reporting, and best practices in data handling to minimize human error-related breaches. Technical and organizational measures, such as encryption, access controls, and regular security audits, are implemented and continually revised to safeguard data. Vendor management is also crucial, ensuring that our partners comply with the same data protection standards through due diligence and contractual agreements.

Finally, transparency with data subjects about their data usage, rights, and exercise of these rights is a critical aspect of our strategy, ensuring clear communication and maintaining trust.

Cybersecurity Visionary and Global Contributor: Safeguarding Saudi Arabia’s Cyber Frontlines

As the digital world continues to evolve at a breakneck pace, the question on everyone's mind is, How do we protect ourselves in this ever-expanding cyber landscape? In the quest for answers, we turn our spotlight on Tariq Al-Shareef, a luminary in the field of cybersecurity whose journey is not just a career but a commitment to fortifying the digital realm.

Tariq's journey started when he graduated from the esteemed King Fahd University of Petroleum and Minerals with a degree in electrical engineering. He went to the National Information Center for his first professional experience, where he became well-versed in the complex field of information technology. He had no idea that this first action would set off a series of events that would transform the cybersecurity landscape forever.

The turning point came when Tariq transitioned to the dynamic field of cybersecurity, specifically as an Incident Response Analyst. This early exposure not only honed his skills but also laid the groundwork for his subsequent roles. His invaluable contributions as an Incident Response Consultant at SITE were instrumental in addressing national cyber attacks in Saudi Arabia, showcasing his prowess in the ever-evolving battlefield of cybersecurity. Tariq's trajectory further unfolded in the financial sector, where he collaborated with ENBD, leaving an indelible mark on the industry. His exceptional skills and strategic acumen paved the way for his current role as the Chief Information Security Officer (CISO) at SiFi. In this influential position, he stands as a guardian of digital fortresses, navigating the complex landscape of cybersecurity and steering strategies to safeguard vital information.

Let’s delve into the tale of a lifelong learner and advocate for secure technological advancements!

Could you please tell us about SiFi and its inception story?

SiFi was founded by His Excellency Ahmed Alhakbani with the vision of revolutionizing enterprise financial management in the Kingdom. SiFi offers a comprehensive suite of solutions that address the key challenges of enterprise finance management, empowering enterprises to grow and thrive.

What are the key challenges that organizations face in terms of information security today and how do you address them in your role as a CISO?

The cybersecurity landscape presents a formidable array of challenges, each with its own unique complexities and varying degrees of severity depending on the organization’s industry and size. These challenges have fueled a global market worth an estimated 150 billion USD in 2021 as organizations worldwide strive to fortify their digital defenses against the ever-evolving threat landscape. While cybersecurity challenges manifest in diverse forms, certain issues transcend individual organizations, demanding a coordinated response at the national level. One such issue is the global shortage of skilled cybersecurity professionals, while another is the escalating cost of cybersecurity services and solutions.

As a CISO and cybersecurity expert, my paramount responsibility is to empower the organization to thrive while adhering to the applicable regulatory framework and ensuring the protection of information assets against cyber threats. This entails a comprehensive approach to identifying, prioritizing, and mitigating cybersecurity risks, ensuring that these risks are effectively communicated to the executive management team. The overarching challenge I face lies in striking a delicate balance between compliance and risk reduction without unduly straining the organization’s resources.

How do you ensure the confidentiality, integrity, and availability of sensitive data within your organization?

As a CISO in the financial industry, I am mandated to adhere to all applicable regulatory frameworks and industry standards. These frameworks and standards are intended to safeguard the confidentiality, integrity, and availability (CIA) of our organization’s data and systems. It is my duty to ensure that all CIA controls are implemented, effective, and measured, and that comprehensive cybersecurity hygiene is adopted, as well as to translate the cyber risks into a language that is well understood by the board.

Whatstrategiesdoyouemploytostayupdatedwiththe latestsecuritythreatsandemergingtechnologies?

Cybersecurityisarapidlyevolvingfield,withnew technologiesandthreatsemergingatarapidpace.Thiscan makeitdifficulttostayup-to-dateandmaintaina comprehensiveunderstandingofthethreatlandscape.

However,severalstepscanbetakentomaintainawareness ofthelatestdevelopmentsincybersecurity.Onestepisto readperiodicreportspublishedbycybersecuritycompanies andtofollownewcybersecurityresearch.

Additionally, reading cybersecurity blogs, following cybersecurity experts on social media, and connecting with field experts can provide valuable insights into the latest threats and trends. Finally, participating in cybersecurity conferences can offer an opportunity to learn about new technologies and trends, as well as to network with other cybersecurity professionals.

Can you provide an example of a successful security incident response you have managed? How did you handle the situation, and what measures did you take to mitigate the impact?

While I’m constrained from discussing specific incidents from my previous and current roles, I can share that I have extensive experience as a digital forensic and incident response consultant. In this capacity, I have assisted numerous clients in effectively responding to cyber breaches and remediating the damage caused by these attacks.

A common shortcoming observed during my experience is the absence of adequate monitoring on affected servers. This lack of visibility leaves critical systems vulnerable to undetected intrusions and potential data breaches. Additionally, the failure to promptly apply patches for known high-severity vulnerabilities creates exploitable entry points for malicious actors. These vulnerabilities, if left unaddressed, can serve as easy targets for attackers to exploit, potentially compromising sensitive data and disrupting operations. Furthermore, the lack of proper network segmentation and duty segregation can amplify the impact of breaches. By segmenting networks and implementing clear segregation of duties, organizations can limit the scope of potential damage and minimize the spread of unauthorized access.

How do you approach building a strong security culture within the organization and what steps do you take to ensure that all employees are aware of their roles and responsibilities in maintaining information security?

Creating a strong cybersecurity culture in an organization is a top-down endeavor. The CISO must ensure that the board of directors and executive management are fully committed to cybersecurity, as this is essential for employee adoption. Once this commitment is made, awareness programs should be established to educate employees about the threats posed by cyberattacks. This will help to create a culture of awareness and preparedness, which is essential for implementing and maintaining the best cybersecurity practices.

In your opinion, what are the most essential security controls that every organization should have in place?

Many accredited standards identify the essential cybersecurity controls based on the industry. In Saudi Arabia, the National Cybersecurity Authority has developed the Essential Cybersecurity Controls, which outline the fundamental controls that organizations must implement.

Due to their limited resources, I believe that SMEs should prioritize security controls that reduce the attack surface and protect against automated attacks. This includes implementing a vulnerability management program, deploying essential security controls such as firewalls as well as web application firewalls, and applying best practices such as hardening standards and configuration.

Additionally, organizations should enforce endpoint protection on all assets by implementing endpoint detection and response (EDR) and advanced antivirus solutions to protect against malware and ransomware.

How do you collaborate with other departments, such as IT, legal, and compliance, to ensure a holistic approach to information security?

The collaboration should be embedded in the organization’s culture. Working in a startup, which is a high-caliber environment, made this part easy for me. To make sure that people work together well, it is important to have clear rules and guidelines that explain everyone’s roles and responsibilities. This will help to avoid confusion and make sure that everyone is working towards the same goals.

It is also important to clearly explain tasks to each department so that everyone knows what they need to do and what the expected outcome is. This will help to avoid misunderstandings and make sure that everyone is working on the same page.
