Executives, Stay Informed!
By our experts
As an executive, you are responsible for the success and direction of your organization, including decisions related to cybersecurity and risk management. It is therefore crucial that you are kept informed in a timely manner about strategic cybersecurity issues, risk management, and the decision-making process. But how do you approach this? In this blog, I provide concrete guidance and insight into the key concepts that will help you get a grip on cybersecurity so you can make informed and thoughtful decisions.
In the fast-changing world of cybersecurity, it is vital that different stakeholders within an organization, from executives to technicians, receive the right information at the right time to make effective decisions. To achieve this, you can make use of Cyber Threat Intelligence (CTI). CTI is an essential part of risk analysis, enabling you to focus on current and urgent risks. It is an emerging field within information security that allows organizations to respond proactively and in a timely manner to digital threats and risks.
One of the primary goals of CTI is to create situational awareness among different consumers and stakeholder groups. Situational awareness refers to the ability of a group to obtain, interpret, and understand relevant information about an issue, ultimately enabling an executive to make informed risk management decisions.
The relevance of information depends on the consumer or stakeholder group. For example, an executive may not benefit much from raw technical data such as Indicators of Compromise (IoCs). On the other hand, a SOC (Security Operations Center) staff member would be less interested in a detailed strategic report. Information is most valuable when it directly contributes to an informed decision in the context of risk management.
Informed Risk Decision-Making
In this expert blog, I am addressing executives. From my experience, I see that strategic decisions on cybersecurity are often made without sufficient information. This is not surprising, as cybersecurity was long viewed as a technical prerequisite for organizations. As a result, cybersecurity issues were often kept outside the boardroom (unless absolutely necessary, such as in the case of an incident).
However, those times are over.
Although executives are generally not directly involved in the technical aspects of cybersecurity, it is essential that they understand the risks and make strategic decisions that ensure the organization's security. Cybersecurity is an increasingly decisive factor in the success of an organization. For this reason, the NCSC (National Cyber Security Centre) recently released a fact sheet to help executives engage in the right conversations with the CISO (Chief Information Security Officer) and gain more control over their organization's cybersecurity.
For example, just a few years ago, the geopolitical influences on cybersecurity could still be disputed, but it is now crystal clear that non-free nations are conducting digital attacks for strategic purposes such as political and economic espionage, digital sabotage, or information operations. Additionally, dependencies on new defining technologies, like cloud technology, now have strategic implications that must be discussed in the boardroom.
Executives often do not have the time, technical knowledge, or resources to independently achieve situational awareness and make informed decisions. CTI can play a significant role in this. CTI ensures that the right strategic information and analysis are available at the right time to make sound decisions.
At the NCSC, we use various types of experts for this. CTI specialists and analysts are responsible for mapping an issue by gathering, analyzing, and interpreting the necessary (technical) information. Together with advisors, they work on recommendations and actions that can be presented to a decision-making authority, such as an executive.
Intelligence Requirements
To ensure that you are informed when making risk management decisions, specialists, analysts, and advisors need to know which information is strategically important and which issues are on the boardroom agenda.
As an executive, you play a crucial role in this. While you do not need to gather and interpret all the information yourself, it is essential that you clearly communicate which issues you want to be informed about and within what timeframe.
This information need can be formalized through intelligence requirements. Intelligence requirements refer to the specific information needs of stakeholder groups within an organization to support digital security objectives and risk management strategies.
For example, a SOC staff member needs information about malicious infrastructure to recognize harmful network traffic in time. This information need can be recorded in an intelligence requirement, which also indicates how and with what frequency the information should be provided.
Intelligence for executives
Intelligence requirements also offer you, as an executive, the opportunity to state your information needs explicitly. This lets the specialists, analysts, and advisors in your organization know about which issues, and how often, you wish to be informed.
For example, it makes clear that, unlike for a SOC staff member, information about malicious infrastructure is of little relevance to you. On the other hand, threats and risks related to new technologies you wish to invest in may be a top priority.
It is important to make choices and focus on a concise set of intelligence requirements. Discuss these with your CISO, CTI lead, and/or strategic advisors who are responsible for your information provision. Engage in dialogue, and allow them to advise you on which intelligence requirements are realistic and how you would like to be informed in the boardroom.
As an executive, you do not need to have in-depth technical knowledge to make informed decisions about cybersecurity. What is essential is an understanding of the strategic risks posed by digital threats and their impact on your organization. By setting clear intelligence requirements in advance, you ensure that you are informed in a timely manner at the right level, allowing you to make well-considered decisions that ensure the security and continuity of your organization.
Bart van den Berg is the coordinating CTI specialist at the NCSC Operations Unit.