No cyber security program can be successful if the executive buy-in is not secured during its initial planning stages. However, many organisations still lack top management that believes in a strong security culture – or invest the time and resources needed to establish and maintain one. What factors contribute to their shortsightedness, and what strategies can CISOs use to convince them otherwise?
Securing an environment can be a challenging task. What framework to select, NIST Cyber Security Framework, ISO27000 or others? The Center for Internet Security’s CIS Controls provide an approachable solution to that challenge.