CIO Cyber & Risk Network August 2019
The Cyber and Risk Network August gathering focused on the following areas:
1. Microsoft's security roadmap. This discussion included licensing implications, vendor management and Microsoft PowerApps, and the impact of these in the enterprise environment.
2. Reporting to the board, and how best to join the dots for board members so they have a more complete understanding of the risk issues their organisations are facing.
2b. Most of the CIOs were reporting to the board regularly, at intervals ranging from every 6 weeks to twice a year.
3. Information classification projects - what works, and strategies to bring the whole organisation on the journey.
4. Most of the CIOs had a cyber audit separate from their technical audit. Some of the CIOs shared how best to engage with auditors in order to achieve valuable audit findings that were relevant to the business.
5. An issue that came up in conversation was that business units were assuming a service was inherently more secure because it was in the cloud, without knowing which cloud vendor it was hosted with, how it was configured, or even whether it was a genuine cloud service at all.