Why is zero breach an awful way to measure a CISO's effectiveness?


Pink USB Stick
Software
#DetailsMatter Was the breach material? What was the extrinsic and intrinsic cost of the breach? Did the CISO have the support of the C-Suite and Board, or were they the scapegoat?
1 upvotes
Red Terminal
Finance, Banking & Insurance
A CISO exists to enable secure business. If the only thing that matters is preventing a breach, the CISO should do everything in his or her power to prevent risk, regardless of business impact, and would be incented to hide discovery of weaknesses or compromise.
1 upvotes
Yellow Monitor
Software
Think of going to your doctor for a regular checkup. Doctor checks your BMI; it is 20 and sends you home. That would be a terrible approach to healthcare: to use a single indicator for overall health. So too here – the lack of a breach means nothing without context. In addition, there are at least 20 significant other indicators that are equally meaningful and significant.
1 upvotes