What’s the mission of your security program? Is it to proactively secure the company against a compromise of confidentiality, integrity, and availability, or is it to protect the company brand by effectively preventing, detecting, and responding to cyber-threats?

Check out this post for the basis of our conversation on this week’s episode, which features me, David Spark (@dspark), producer of CISO Series, guest co-host Steve Zalewski, CISO, Levis, and our guest, Johna Till Johnson (@JohnaTillJohnso), CEO, Nemertes Research.

During the video chat we discuss these two options. They’re written out here for your easy reference.

Option 1: A strategic security program is necessary to proactively SECURE THE COMPANY against a compromise of the CONFIDENTIALITY, INTEGRITY, and AVAILABILITY of Logical (Business Systems) and Operational (Retail Store/Warehouse/Powerplant/Hospital Systems) multi-national assets.

Option 2: To PROTECT THE COMPANY BRAND, we will modernize our security capabilities in order to effectively PREVENT, DETECT and RESPOND to cyber-threats that impact the business revenue stream(s) of the company.

Thanks to this week’s sponsor, Trend Micro


In this episode

  • Security mission option 1: protecting the company
  • Security mission option 2: protecting the brand & revenue stream
  • Does one lead to/support the other?
  • Does the degree of cloud presence make a difference?
  • How much of this is technical vs philosophical?