It has long been well known and widely recognized that information security policies are the cheapest and most effective tool to increase security. However, a proper strategy to reach the precious goals set in the policy is needed. This is where things start getting complicated in practice: the implementation of Information Security Strategies.
More often than not, the term “Information Security Strategy” is defined circumstantially and thus does not possess a commonly agreed upon, well-established meaning. It could represent the real implementation strategy of a security policy, but it is often used as an umbrella term for several high-level documents forming the foundation for information security governance in a company. In general, the Information Security Strategy needs to be well-tuned to the enterprise needs and socio-cultural ecosystem. If this is done successfully, the implementation of and adherence to the strategy will fall into place smoothly. If the socio-cultural ecosystem is not ready, a change program will help to prepare for the next steps.
The Information Security Strategy is a context-related document, and must be different before the cloud, with the cloud, with anywhere / any time work and with massive IoT inclusion into the company’s network. In addition, changes in society and new behavior of youngsters will challenge the CISO in obtaining buy-in. To be successful in the long term, societal change needs to be modelled, understood and taken into account. Careful, early verification of the applied models can help to avoid obstacles and lengthy discussions.
At the 14th Swiss CISO Summit you will hear two leading speakers: one giving a retrospective on the experience of aligning the strategy during his first 100 days in his new position as CISO, and the other providing a research and innovation perspective which will give some essential background and introduce the round table discussions.
As usual, the goal of Summit 14 is to learn from the speakers, from each other and from the material distributed before the meeting, in order to explore today’s most recent tendencies in preparing, governing and successfully implementing high-level information security steering documents.