Ciso Skills

Agile security operations is about implementing an adaptive and iterative approach to monitoring information systems and networks. The goal is to make security operations more adaptable, collaborative and responsive to emerging threats and vulnerabilities.

In the context of security operations, agile can speed up the delivery of impactful monitoring services while maximising value-adding for business stakeholders. Moreover, it can improve alignment with engineering teams so monitoring technologies can continuously evolve.

Security operations centres (SOCs) often operate in the background and within a highly technical context. Moreover, they must deliver operational services under the pressures of service-level objectives. With limited time and visibility, they are always at risk of siloing themselves from the rest of the business.

The fourth quarter is budgeting time for most companies. Equally, most security managers are gearing up to support their CISO with preparing the security budget for the upcoming year.

Security budgeting is an overlooked area in the cybersecurity industry. It’s also an overlooked skill set when hiring and training cybersecurity executives. Yet, it is a crucial aspect of managing a cybersecurity program. Cybersecurity budgeting rests at the crossroads between cybersecurity (as a discipline) and business.

A vulnerability management policy is a key component of an Information Security Management System (ISMS). This is especially true for SaaS companies selling cloud products. Before buying such products, customers will seek proof that product security vulnerabilities are consistently managed.

While a vulnerability management policy, on its own, cannot offer bullet proof guarantees, it is still considered a must-have. Any customer needing assurance that proper vulnerability management practices are being followed by suppliers will expect one.

To carry out business, today’s SaaS organisations must demonstrate some level of compliance with internationally recognised cybersecurity standards. For SaaS companies, ISO 27001 is the certification that is most requested by customers. Obtaining such certification allows companies to demonstrate a systematic approach to information security supported by a credible commitment to employ best practices and continuously improve.

To obtain the certification companies must put in place an Information Security Management System (ISMS) conforming to the ISO 27001 standard. For SaaS companies, creating a basic ISMS should not require large investments. Knowing how to obtain ISO 27001 efficiently and an understanding of what a minimal implementation looks like is all that is required.