[Gartner]: Is Your Organization Ready for the NIST Cybersecurity Framework?


2025-01-10 | Gartner | 木***

CISO Edge: 12 Ways to Deliver Cybersecurity Business Value Faster

Gartner Research
Published 15 December 2023 - ID G00797520 - 18 min read
By Analyst(s): Richard Addiscott, Tom Scholtz, Christopher Mixter, Tisha Bhambry, Manuel Acosta
Initiatives: Cybersecurity Leadership; Build and Optimize Cybersecurity Programs

Challenging global economic conditions are driving enterprises to accelerate their digital business transformations. Cybersecurity leaders must also accelerate their efforts and demonstrate security’s critical role in their organizations’ digital ambitions.

Overview

Key Findings

■ Boards are responding to ever-greater market uncertainty by raising the pressure on executive teams to accelerate digital business transformation and spur growth. An agile and responsive cybersecurity function enables that growth securely and helps it foster a sustained competitive advantage against those taking more conservative approaches.

■ C-level leaders increasingly shift digital budget allocations from central IT functions to business units to accommodate their digital ambitions. This is a move supported by the majority of chief information officers and can increase the number of stakeholders the chief information security officer (CISO) and security team need to work with and satisfy.

■ Boards and senior executives need cybersecurity leaders to adapt their security capabilities to support and amplify the business’ efforts as their organizations continue to evolve.

■ Cybersecurity leaders find it challenging to prioritize and invest in security practices in sustainable ways as business demand increases.

Recommendations

Cybersecurity leaders working to accelerate their security capabilities’ ability to adapt to support the organization’s increased digital business progress should:

■ Shift the team’s mindset by asking them to recite the business strategy, showing how their work aligns to it and quoting performance highlights from the annual report.

■ Improve stakeholder relationships and amplify security messaging by aligning security initiatives to business priorities and establishing a security champions program.

■ Reduce inefficiency and waste by retiring security controls that impact the user experience but have negligible impact on reducing cybersecurity risks.

■ Redirect resources and optimize limited security resources by testing robotic process automation and canceling redundant security initiatives.

Introduction

Gartner research shows that 58% of boards of directors expect to increase their risk appetite between 2024 and 2025, and 58% see digital technology initiatives among their top five business priorities for the next two years.¹ Further, 90% of CIOs say that business area leaders should be responsible for leading digital transformation initiatives.²

The shifts in digital decision-making power structures will change the cybersecurity leader’s operating context. However, this evolving landscape is further complicated because stakeholder confidence in the cybersecurity leader’s ability to support these initiatives as a trusted partner is not assured. Gartner research shows that 47% of CIOs see cybersecurity risk mitigation processes as a hindrance to digital execution.³

Beyond the board’s increasing risk appetite and wavering confidence levels, other imperatives are driving the need for the cybersecurity leader to accelerate the cybersecurity program:

■ Decentralized digital decision making, often by people without adequate levels of cybersecurity literacy or risk management experience.

■ Increasing regulatory pressure on boards of directors to ensure the organization’s cybersecurity risk posture is appropriate. This is forcing boards of directors to be increasingly exposed to, and have oversight of, the organization’s cybersecurity risk posture and the requirement for them to become more cyber-literate (see Quick Answer: New SEC Cybersecurity Rules — What CISOs Should and Shouldn’t Do).

The challenge is that cybersecurity leaders are already struggling to keep up with existing demand. Finding the capacity to deliver more project volume, at a faster pace, with greater flexibility and customization — all without more people or resources — is an impossible endeavor. As a result, cybersecurity leaders often struggle to enable the business and maintain executive confidence.

How do cybersecurity leaders continue to ensure their security capabilities are able to keep pace with the business as digital business leaders continue to accelerate their digital initiatives in pursuit of growth? Further, how do they achieve this when most cybersecurity leaders are already stressed and at increased risk of burnout?⁴

To help deliver business outcomes without burning out, cybersecurity leaders must identify, and then execute, initiatives as appropriate for their organiz