It is time for another round of Information Security Overrated/Underrated and this time we have Mike Loginov sharing his thoughts on the topics of Data Protection Regulations, IoT security and Business acumen for Security Professionals. Mike is a published author and public speaker, whilst also being busy with his roles as CISO and Chief Privacy Officer. In addition, he is also the freshly baked ‘CISO of the Year’ Cyber Security Awards 2020 winner. If you are looking to add to your library, you can’t go wrong grabbing Mike’s latest book ‘CISO Defenders of the Cyber Realm’.
Data Protection Regulations
Underrated. With the number of large high-profile data breaches the world has witnessed in recent times and with my role as a Chief Privacy Officer at National level, it will perhaps come as no surprise that my take on data protection regulation is that the adoption of consistent and enforceable GDPR-style regulation around the globe is a good thing and a very necessary driver to help put personal information back under the control of the individual as well as a means to drive organisations to manage and protect PI appropriately.
IoT Security
Underrated. Way underrated actually, as IIoT, OT and BMS in some key areas get far less defensive security attention than do IT systems and platforms generally, and that’s not the best of scenarios. Much of the Critical National Infrastructure (CNI) for many nation states is underpinned by IoT, and as the world grows to become even more interconnected we do need to ensure a holistic triage approach to avoiding and managing incidents across IT, OT, IoT and indeed IIoT, as well as human factors, is deployed. Developing Communities of Trust (CoTs) is one solution to building a more secure world.
Business Acumen For Security Professionals
Underrated. Knowing and understanding how the organisation you seek to defend and protect operates is essential for any senior-level security professional. That doesn’t mean we all need to become corporate accountants, in-house lawyers or HR specialists, but we do need to know and understand the people, processes and technologies that drive the business, its strategy and objectives. With this knowledge we can better architect, deploy and focus often limited or stretched resources on the risk factors that are essential for effective security management, risk mitigation and business continuity. As a CISO, being a valued member of the executive leadership team, driving the business strategy whilst managing cyber risk as a core and essential function is a necessary skill set. I say underrated purely from the perspective that the learning never stops. Businesses, market drivers, economic climates all change frequently, with the security professional who understands, embraces and responds to changing business needs often shining as valued leaders over those that don’t.
I’m with Mike on these, particularly the Data Protection regulations and business acumen topics. In my view it is difficult to overstate how important these topics will become for security professionals, at least at senior level, in the coming years. What about you? What do you think? Share your comments below or write your own post. The important bit is that we, as a profession, keep an open mind and continue with constructive discourse. If you want to hear more from Mike, pop over to his website or find him on social media.
This blog post originally appeared on LinkedIn