CISOs Must Incorporate Regional Laws and Regulations into Cyber Strategy

Chad Berndtson


Over the past decade, the role of the Chief Information Security Officer (CISO) has evolved to keep pace with today’s dynamic threat and regulatory environment. In a new paper, Palo Alto Networks and Korn Ferry examine five things CISOs will need to focus on as their roles shift to accommodate executive responsibilities and more is expected of their teams in the coming years. An excerpt is below.

For multinational companies, it will be necessary to grow strategic regional teams to address the complexity of data and privacy laws. GDPR, for example, is global in nature because of the number of companies around the world the regulation impacts. When thinking about regulations like this, the question for companies becomes: how do you create capabilities that address something like GDPR in the context of European stakeholders while still considering Canadian or U.S. privacy laws?

What CISOs can do today:

  • Familiarize yourself with the impact of these regulations. Bring in a third-party expert to explain the intricacies and considerations.
  • Consider introducing the role of a business information security officer, or BISO, in certain key regions. Although they may not be focused on cybersecurity, they should focus on the risks, regulatory impact and privacy laws in their respective countries.
  • Align closely with legal and policy teams to advise on the impact of these laws on your organization.

Download your copy of “2020 and Beyond: What’s Ahead for CISOs and InfoSec Teams?”

 



© 2018 Palo Alto Networks, Inc. All rights reserved.