Writing in CSO Online on The Most Stressful Aspects of Being a Cybersecurity Professional, Jon Oltsik, Senior Principal Analyst at Enterprise Strategy Group, reports on the top stressors for CISOs, based on a survey by ESG and the Information Systems Security Association (ISSA).
Infosec pros surveyed ranked these stomach-churners at the top of their lists:
- Keeping up with the security needs of new IT initiatives
- Finding out about IT initiatives/projects started by other teams with no security oversight
- Trying (and failing) to implement effective security awareness training
- Keeping up with a growing workload
But it was this pain point that caught our eye:
- Trying to get the business to better understand cyber risks
“I have some good news and bad news here,” Oltsik writes.
“The good news is that we are on the cusp of a new class of proactive risk management tools…that can monitor and report on cyber risk in real time”—and he names RiskLens in that category.
“This class of technology will help CISOs and business executives make data-driven and timely risk mitigation decisions.
“The bad news is that too many companies still view cybersecurity as a necessary evil and really don’t care to better understand cyber risk. Cybersecurity professionals working at this kind of organization should address job stress by simply moving on.”
To put a positive spin on it, we’d add: Don’t move on without trying to introduce cyber risk quantification with the FAIR model and showing the organization that cyber risk can be addressed in the same financial terms that the business uses for all other decision-making.
Read the ESG/ISSA report: The Life and Times of Cybersecurity Professionals