Reporting

How have GDPR and CCPA changed your use or procurement of cybersecurity tools?

Top Answer : Not much directly, but in some situations avoiding an agent, a plugin, or something that requires a cookie will mitigate privacy risks. Many security technologies, in how they are architected and deployed and in how the vendor gathers and shares information, are actually generating a substantial amount of privacy risk.

Digital Innovation Comparisons - Business Metrics

This report benchmarks business metrics for digital innovation across IT departments.

How can consolidating security across independent subsidiaries improve security processes in an organization?

Top Answer : As we transformed 21st Century Fox into “New Fox”, Fox Corporation, after the Disney acquisition, we consolidated both the IT teams and the security team to be uniform across the board. Everyone's been over the moon with this whole transition. It has skyrocketed our ability to secure things and exponentially increased visibility across systems through consolidation and replatforming. Not only that, but I think the businesses are pleased with all of the modern applications that they've transitioned to. Our CEO, Lachlan, has also made it very clear he wants everyone operating in a "One Fox" mindset across the company. I think that has gone a long way at the senior executive level and with the technology systems to make it understood that we're going to have consistent ways of working across the board and a focus on the overall FOX mission. Our businesses have moved from independently managed on-prem systems into consolidated SaaS platforms. This has allowed us to dramatically improve our efficiency from a cyber standpoint and it provided the unique opportunity to re-think security for every system and workflow, as well as design systems with a “secure defaults” configuration. The company transition provided a once-in-a-lifetime opportunity to replatform the company and cyber took full advantage of this.

Question for the apps leaders out there. What metrics do you track and report up to BoD or CIO dashboard for your organization? Financial performance, project performance, operational performance, etc. Trying to come up with relevant and useful metrics that go beyond simple # apps, incidents and findings.

Top Answer : Assuming you have the operating ones covered. For business leaders we provided: total cost of ownership; total users per month; total users activated/deactivated; average hours usage per ID and sometimes the distribution. And depending on the app, we might give metrics on where and what department for the above metrics.

How should IT align its OKRs to the company’s OKRs?

Top Answer : I think it takes a top-down and bottom-up approach. You have to do both. We have been implementing OKRs, which I think is familiar to a lot of companies at this point. The OKR approach really helps drive from company objectives to product vision and objectives all the way on down to each department. This helps everybody to come together and coalesce to rally around those things. What are the key results that we are driving, and where are we adding accountability? But you also need a bottom-up approach. You have to speak with the teams and understand the pain points. Where are the bottlenecks, where are we being inefficient? And those, in turn, can also inform some of those objectives and help define key results, informed by KPIs etc. I meet regularly with key stakeholders, my peers, our leadership team, and the product team especially. We're joined at the hip on OKRs, so that way we're all moving in lockstep, discovering opportunities to use all resources creatively and constructively. And then, at a micro level, we are ruthlessly agile on my team. I'm a big proponent of getting away from the waterfall mindset. It’s about being willing to shift when it's appropriate, and finding the resources and time to do the right thing as the world changes and the marketplace evolves.

Career Goals

This report was created with the goal of helping IT Executives identify and work on their personal career goals.

Does reporting line matter to your effectiveness?

Top Answer : I don’t think so. I currently lead the business operations and partnering with software transformation at Juniper. At Mist, I had a very broad role managing business operations. I also had sales ops, logistics, supply chain, owning NPI, CPQ. I ended up being dotted line to sales, to product, even if I was really reporting to the CFO. I’ve always been manager/boss agnostic. It's not been something I really have ended up thinking about. For me, it's more about, okay, what can I do to have an impact and move the needle?

How should you respond when asked to white-wash a security risk? How does the CISO protect themselves from unfairly taking the blame and being held liable?

Top Answer : I think that's why the reporting lines are so important. I'm not going to make the decision that you like; I'm going to make the decision I need to make to defend the data and/or company. So we're going to have a conversation about how is the risk positioned. How is it positioned with the board versus the operating teams. There's a time when you have to say what you have to say, and you need to make sure it's documented that you delivered the risk in the way it needed to be delivered. Results vary depending upon how this role is structured.

Have you ever been asked to white-wash a security risk?

Top Answer : There's been times where I've been asked, directed, or coached to characterize risk differently. I call it whitewashing risk or rinsing risk or something that just dilutes the discussion and the impact. I know there's times where I've reacted to it negatively and it's been the executive wanting to push and poke to see how firm I was going to stand, to know if I was elaborating on the risk or elevating it beyond. So sometimes it's also just a poke to really test whether or not you really think it's a real risk. It just comes across as a request to water it down or whitewash it or change it. On the other hand, at previous companies, I saw how the enterprise risk map, and other things, that literally had been vetted for months with every business unit, every risk and control lead, my team, lawyers in those business units... I saw those things sometimes get aggregated into a broader context. Sometimes that made sense and other times it seemed a bit watered down so that by the time it went to the board, it was a more benign issue, when perspectives from those who created the initial risk mapping believed it to be a standalone issue that needed to be addressed and needed to be discussed.