Sure, let’s go with enabling! But my understanding was that senior executives weren’t highlighting security as a major priority.
I suggest replacing “demanding” in your tweet with “enabling” - I’ve never seen the CEO want more security than what the security team already wants, the problem is almost always the reverse, not enough resources allocated to the security team.
1
2
1
Depends on the industry, but companies that don’t focus enough on security are not because CISO failed to raise the red flag, it’s because financial incentives lie elsewhere. Other issue is CISO almost never reports to CEO, so messaging from security team is through CTO/CIO lens.
Oct 12, 2018 · 11:59 PM UTC