The action-packed 2016 (ISC)² Security Congress ended with a paradigm-changing keynote from Stan Dolberg and Phil Gardner of IANS on the model for security leadership. In keeping with the conference theme of “Advancing Security Leaders,” Stan and Phil unveiled a research-backed model that shows how high-performing security teams consistently demonstrate competence in both technical excellence and proactive organizational engagement. They call their model “CISO Impact™,” and the room, filled with security professionals, eagerly took notes as the elements of the model were revealed.
Gardner explained that as security professionals, we have made a promise. That promise is to protect the businesses that we work for and to encourage them to adopt safe business practices. To accomplish this, we must lead, even without authority.
The CISO Impact™ model is broken into the 8 Domains of Technical Excellence and the 7 Factors of Organizational Engagement. Most (ISC)² members understand the concepts of technical excellence and can practice these in the scope of their day-to-day work. But technical excellence will only mature an organization so far. Without the 7 Factors of Organizational Engagement, the business will never adopt safe business practices and achieve the level of maturity necessary to thrive in a connected world.
To achieve the highest levels of maturity in the model, the security leader must engage the business in dialog and consensus building, convince business leaders to own risk and change unsafe behaviors, weave security into business processes and practices, demonstrate value and deliver projects on time, build a strong and capable team, communicate value to the leadership, and align the security unit in the organization for maximum effectiveness. Sounds easy, right? Organizations all find themselves in different stages of these seven factors, and it can be difficult to assess exactly where you stand today and where you need to go.
This is why we are happy to present (ISC)² members with an opportunity to take a diagnostic designed to measure the 8 Domains of Technical Excellence and the 7 Factors of Organizational Engagement and see exactly where they stand. As a special benefit to (ISC)² members, IANS will, for a limited time, provide a premium diagnostic report to any organization that completes the diagnostic. Normally, this benefit is reserved for paying IANS clients. This is a fantastic opportunity you should take advantage of now. You can also benchmark your results against others in your industry to see if you stand out in any of the factors. Do you outpace your competition?
The diagnostic will output a CISO Impact™ Quotient, and you will be classified in both the technical and organizational factors as Foundational, High Foundational, Transitional, High Transitional or Executive. Each of those categories represents a successively higher level of maturity.
To take the diagnostic go to: https://ISC2org2016.iansresearch.com
When enough diagnostic surveys have been taken, we will have the IANS team back to present how (ISC)² members compare to the baseline organizations that have already been measured. This will be a report you won’t want to miss.
So measure yourself – then get out there and LEAD!
By Philip Casesa, CISSP, CSSLP, PMP, product development strategist, (ISC)²