Description

Last year the New York State Department of Finance enacted cyber-security regulations touted to be among the most stringent cyber-security law to date. These rules apply not only to New York financial entities, but those with whom they do business wherever located. The NYDFS cyber-security rules hold corporate boards and company executives accountable for enacting a comprehensive cyber-security program. Only months ago, the European Union began enforcement of the General Data Protection Regulation. This privacy law applies to companies globally, not just in the EU, and imposes enormous penalties for failures to adhere, again putting responsibility on corporate boards and leadership to assure compliance. Changing business, digital transformation, new markets, and new consumers, have produced a voracious demand for the collection, aggregation, and consumption of data. Executives and operating boards recognize that disruption and innovation will be the incubators of new ideas and market success but are challenged as to how to move forward and achieve a path to disruption without damage, and without excessive risk. They recognize that the opportunities to participate in new markets and transform, or to be 'disruptive', is not possible without a secure operating environment, and without a risk management strategy that enables new opportunity. The CISO increasingly is the executive called upon not just to protect, but to provide confidence, interpretation of risk, and measured response to threat. The CISO is also the executive called to provide the understanding, guidance, and leadership that enables the execution of complex business strategy within a context of risk. The growing importance of the CISO in leadership is a recognition of the new realities of business. Privacy and security are in focus everywhere. The message is clear and is embodied in law. Corporate leadership is now accountable. Their success is tied to the effectiveness of their security programs. And the success of security programs to the appointment of a competent Chief Information Security Officer, redefined for executive leadership, communication and business success. The sub-title of this book is Leadership, Business Protection and the Chief Information Security Officer. It is exactly the ability to assume leadership and an overarching role of protection in all aspects of business and business change that has redefined the CISO. Martin Gomberg, CIO, CISO, CISSP, CIPP/E, executive adviser and privacy specialist, brings a unique professional history and perspective to interpreting the changing role of the CISO and the emergence of the CISO Redefined.