Organizations with medium security awareness are likely to focus on simplifying compliance and privacy efforts, simplifying the infrastructure of IT security, improving third -party risk management, shortening the time of response to accidents, in addition to reducing spending, improving control of Access, explore MSSP options, says Ross.
Meanwhile, the CISO organizations, which usually lead to high ripening organizations, focus on improving their understanding of external threats and accelerating the use of artificial intelligence to improve security effectiveness, says Ross. They also look forward to doing better work to take advantage of data and analyzes for safety purposes, and they bear the responsibility of the risks offered by both operating and information technology systems. At the same time, they continue to focus on doing better work on the basics, such as improving risk management from the third party.
Certainly, Ross adds that some priorities – such as ensuring the ability to define an attack and short of response times – global. “These are permanent priorities, because they are very important for ongoing business and operations,” he says.
Setting accountability
However, there is an emerging trend between the best CISO that seeks to implement on their long list of permanent priorities, says Chadock from West Monroe.
