Alignment of Cybersecurity with IT

Topic: Alignment of Cybersecurity with IT

Facilitator: David Lin, Chief Information Security Officer, GIA (Gemological Institute of America, Inc.)

Event: Virtual California CIO & CISO Strategy Meeting, November 15, 2022

Summary of Discussion

What is the discussion about (Overview of group discussion)?

What do we think about when we hear ‘alignment’? Can there be alignment? What is the right mix? Is it based just on reporting structure, such as the CISO reporting into IT (CIO), or can it be reversed?

What are the critical areas discussed and why were they imperative to the group?

  • Reporting structure is important; however, it’s more critical that the two organizations (or the single organization) find the right balance for joint success.
  • Regardless of the topic, budget, priority, or challenge, find the right balance depending on your organization’s maturity, talent, and skills.
  • Identify common ground or joint successes that the two organizations can achieve together.
  • For small organizations, create and utilize a risk framework to drive priority so the team does not get burdened with just daily operational responsibilities.

What are a few takeaways from the discussion?

There is no ‘right’ alignment that can be defined. The right alignment is the balance that works for your organization to achieve shared success. It’s up to both IT and Security leaders to find common ground.

Do you have any recommendations to share?

Find the right balance to work together and ensure base-level IT operations are in place, which will reduce a significant amount of security risk, e.g., asset inventory, hardening standard, and patching and vulnerability remediation management.
