Leadership & Executive Communication, Training & Security Leadership
Designing a Business-Aligned Cybersecurity Program
AMP's Head of Cybersecurity on How to Get Business Buy-In
In order to have a business-aligned cybersecurity approach, it is important for a CISO to get buy-in from executive management before approaching the board, says Chirag Joshi, group head of cybersecurity at AMP, a financial services company in Australia.
Joshi says to start with the management because you need to understand its priorities. For example, he says, if an organization aspires to move from largely on-premises, phone-based customer service to a direct-to-consumer digital channel, you will need to have a different way of working than you had before.
"From a cyber perspective, you need to understand if you are equipped to handle this change. Do you have the tools and technologies to manage the change? You will only know this when you have a conversation with the business executives," he says.
In a video interview with Information Security Media Group, Joshi also discusses:
- How to start a business-aligned cybersecurity strategy;
- Whether to take a top-down or bottom-up approach;
- The role of risk management in a mature cybersecurity program.
Joshi is group head of cybersecurity at AMP, a financial services company in Australia. He is also the author of the worldwide best-selling book "7 Rules to Influence Behaviour and Win at Cyber Security Awareness" and the director of the ISACA Sydney chapter.