Saturday, 4 July 2015

We need a new breed of CEOs

I just heard another story today of a Chief Information Security Officer (CISO) who was fired for pointing out to his CEO that their business processes for handling protected health information were wrong. The organization was transporting protected health information via US Mail on CDs – with no encryption! He pointed out that the laws had changed and if their practices were discovered by regulators, they could face serious consequences. So the CISO got fired! This is not an isolated incident. CIOs and CISOs are being fired for exercising due diligence all over – even though they never had the empowerment to do the right thing. My question is, when will the real people responsible for the mess be fired? Why are we firing the very people who can and want to fix the problems?

It appears to me that top-level executives are more interested in covering up the issues and blaming other people rather than accepting their accountability, admitting their culpability and then taking sincere steps to fix the issues. And the very people who are trying to do the right thing are being fired. This is simply crazy! We can never fix an issue unless we are willing to admit culpability. I am not calling for the firing of executives who admit errors and then take concrete steps to fix the issue. People do make mistakes, and true leaders admit the errors, learn from them and then work hard to fix the problem. Executives who are more focused on blaming someone else will never be able to fix the issue. These executives do not belong in the roles we have entrusted them with.

I think that the era of finance-minded CEOs is over – we need a new era – an era of technology strategists who are ethical leaders, willing to do the right thing, and are willing to use the right technology and cybersecurity strategy to power their organizations forward. Moving a company forward today is not about finance – it is about technology and cybersecurity strategy because without technology no organization can thrive in the modern era. Technology can reduce costs, increase productivity and efficiency, increase collaboration and teamwork, and dramatically increase innovation. This is why I think strategic-minded CIOs of the world need to seek CEO positions.

At the same time, strategic CISOs of the world should seek to become modern CIOs. CIOs who do not understand the importance of cybersecurity or do not have the skills to implement a cybersecurity strategy need to move aside. These CIOs who are mostly interested in perennial technology refresh cycles without a clear technology strategy which drives the mission of the organization have justifiably earned the title of “money pits”. CIOs who are simply interested in “keeping things running” are not real CIOs either. CIOs who report to Chief Financial Officers or other officers are not CIOs! So let’s stop calling them CIOs. They are tainting the CIO job title and profession. Real CIOs only report to CEOs and are fully empowered to implement the right technology and cybersecurity strategy for an organization.

 



from cyber security caucus http://ift.tt/1JLkFhF
via IFTTT
