CISOs Must Incorporate Regional Laws and Regulations into Cyber Strategy

Jun 19, 2018

Over the past decade, the role of the Chief Information Security Officer (CISO) has evolved to keep pace with today’s dynamic threat and regulatory environment. In a new paper, Palo Alto Networks and Korn Ferry examine five things CISOs will need to focus on as their roles shift to accommodate executive responsibilities and more is expected of their teams in the coming years. An excerpt is below.

For multinational companies, it will be necessary to grow strategic regional teams to address the complexity of data and privacy laws. GDPR, for example, is global in nature because of the number of companies around the world the regulation impacts. When thinking about regulations like this, the question for companies becomes: how do you create capabilities that address something like GDPR in the context of European stakeholders while still considering Canadian or U.S. privacy laws?

What CISOs can do today:

  • Familiarize yourself with the impact of these regulations. Bring in a third-party expert to explain the intricacies and considerations.
  • Consider introducing the role of a business information security officer, or BISO, in certain key regions. Although they may not be focused on cybersecurity, they should focus on the risks, regulatory impact and privacy laws in their respective countries.
  • Align closely with legal and policy teams to advise on the impact of these laws on your organization.

Download your copy of “2020 and Beyond: What’s Ahead for CISOs and InfoSec Teams?”

 

