“Low confidence in cybersecurity inhibits innovation”
July 8, 2015
Cybersecurity is becoming increasingly important, but low confidence in security inhibits innovation, says Chief Information Security Officer (CISO) Ad Krikke from DSM. That is why he is not only a participant in the Information Security Management (ISM) program, but a designer too.
“I am not only a participant but a co-designer of the Information Security Management program too, because I think the topic is important to my employer. It is a topic that concerns the whole world. Security of information is an increasingly important issue; IT is part of more and more products.
That is also obvious at DSM. When people have no confidence in cybersecurity, they will not want to commit. Consider, for example, developers of new products. When they continue to see risks, it inhibits them from developing new ideas.”
Making people aware of their behavior
What do you like about this program?
"The Information Security Management program addresses all three principles associated with information security. It concerns people, technology, and procedures. You learn that security is not just about technology, although that still has the greatest emphasis. Making people aware of their behavior and trying to change it is just as important. When companies talk about technology, it is often about technology in the short term. ISM discusses “security by design.”
Failing to account for security at the design stage makes the project seven times more expensive. This means that you have to get people in an organization to spend extra money in advance. The program also discusses ways of achieving such commitment. The program also talks about procedures. Companies often think about ways to identify risks, but not always about who should do what once such risks have been identified."
Linking business drivers to KPIs
What important insight did you gain?
“I found the knowledge about how to apply the Business Balance Score very valuable. It is a way to link the business drivers to the KPIs of your security policy. That way, you involve the business much better in decisions regarding cybersecurity.
I also thought it worthwhile to speak to colleagues. As a CISO you are often a “lonely cowboy” within the organization. It is good to be able to assess whether you're doing well.”
Have you approached things in a different way after the program?
"I have defined the link with the business better. I was already working on that because it is important for a policy's success. But an important eye-opener was how I could do that, namely by using the Business Balance Score. That way, you think about what concerns the business. The latter was an important message."
The program for you as a CISO
The Information Security Management program – a joint program of TIAS School for Business and Society, Antwerp Management School, and EuroCIO – gives CISOs the knowledge they need to excel in their work environment.