//
you're reading...
Information Security, IT & TECHNOLOGY

CISOs: Do You Have the Five Critical Skills of a DRO?


CSA-Logo

600x450 (2)CISOs exploring career advancement opportunities have a new consideration, according to Gartner VP and Distinguished Analyst Paul Proctor. At a Gartner Security & Risk Management Summit presentation in June, Proctor talked about the evolution of a new enterprise role, which is a logical next step for some CISOs: Digital Risk Officer (DRO).

While few organizations have formally created the role, Gartner predicts that by 2020, 30 percent of large enterprises will have a DRO in place. Why? Because the increasing integration of digital technologies into business operations and products—the Internet of Things (IoT)—requires someone who can assess technology risk throughout the digital enterprise and provide executives with decisions that impact business processes. An example is assessing the physical system that gathers personally identifiable information from wearable technology. The DRO would look at how the data is used in marketing and sales operations, identify privacy issues, and look at the legality of monetizing the data as a source of revenue.

Proctor reports while CISOs may not have the title, many have gradually taken on some of the tasks associated with a DRO, such as:

  • Reviewing contract clauses for technology risk and security requirements
  • Developing policies to address the growing use of technology not controlled by IT
  • Addressing the privacy and security of data gathered by IoT devices
  • Providing security expertise to Mode 2 projects
  • Dotted-line reporting to operational risk groups

For CISOs interested in making the transition, here are the skills needed, according to several experts:

  1. Fully comprehend how the business is run, recognize desired strategic outcomes and speak the language of executives in order to fully articulate digital risk factors in operational and financial terms.
  2. Understand IT, IoT and operational technology (OT), and the overlap of technology and the physical world.
  3. Have the ability to work in a bimodal organization, supporting Mode 2 projects.
  4. Understand global privacy and e-commerce regulations.
  5. Have a people-centric style to work across the organization in collaboration with businesses, legal, compliance, operations, and digital marketing and sales.

Essentially, the DRO’s role is to bridge the cultural divide between business and technology, says Nick Sanna, president of the Digital Risk Management (DRM) Institute. To do that requires building the organizational processes and best practices necessary to measure and manage digital business risk—including mapping important business processes, assessing exposure to threats and prioritizing risk mitigation initiatives. Sanna admits that building a DRM program will be a complex challenge for DROs, but also a great personal stretch opportunity.

Download The Guide to Modern Endpoint Backup and Data Visibility to learn more about selecting a modern endpoint backup solution in a dangerous world.

Mark Wojtasiak, Director of Product Marketing, Code42

[Cloud Security Alliance Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Web Stats

  • 119,159 hits
@PhilipHungCao

@PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Personal Links

View Full Profile →

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 2,247 other followers

Twitter Updates

Archives

August 2016
M T W T F S S
« Jul   Sep »
1234567
891011121314
15161718192021
22232425262728
293031  
%d bloggers like this: