What do you do when a business unit's priorities conflict with security requirements? How do you find a balance that allows you to reduce information security risk while still supporting those business goals?

482 views, 3 comments
CISO in Insurance (except health), a year ago

Balancing business unit priorities with security requirements is a delicate but essential task. The key lies in open communication and collaboration between the business and security teams. Understanding the business goals and constraints allows the security team to propose solutions that mitigate risks without stifling innovation or productivity. A risk-based approach can be instrumental here, prioritizing security measures that address the most significant threats while allowing flexibility for the business to achieve its objectives. Additionally, integrating security into the early stages of business planning ensures that security considerations are part of the strategy, rather than an afterthought, leading to a more seamless alignment of goals.

CFO, a year ago

I engage with business units to grasp their objectives and risks. By presenting data-driven insights on potential security impacts and proposing tailored solutions, I align security measures with business goals. This collaborative approach ensures we mitigate risks while supporting strategic aims.

CISO in Software, a year ago

It is all about establishing the security business goals based on requirements - it is very hard for a business to explicitly define a goal to "not meet security, audit or regulatory requirements".
