EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
Setting the agenda for the quantification of security risk in financial terms should be a goal of the CISO. This should be directly linked to security investment and measured and reported on a regular basis. Understanding and communicating the value of security investment for the business will significantly help to drive continual improvement and senior executive buy-in.
Embracing continual change will be critical for CISOs. The ability to enable the business to evaluate exciting technology innovations in an agile and secure manner could prove decisive for establishing trust. This will be critical from a cultural perspective to change any perception of security as a blocker to that of an enabler for the business. This will move security up the value chain.
Automation of security controls and reporting should be central to the objective of any new security initiative that a CISO drives. The days of the perimeter are long gone, and this has been reinforced by the pandemic-imposed “new ways of working.” The result is a shift from technology and data-centric security to more user-centric security. This will require more sophisticated detective and preventative controls, which have begun to emerge through the next wave of security solutions leveraging automation, Artificial Intelligence (AI) and Machine Learning (ML) techniques.
Q. With the evolving threat landscape and rise in ransomware attacks, what are the new upskilling areas for the Irish CISO?
A. Incident response can be confusing for many organisations. Many organisations struggle to strike a balance between roles and responsibilities and the overlap between business continuity plan (BCP) and disaster recovery plan (DRP), crisis management, resilience capabilities and even data breach response requirements.