I recently saw this great article by a renowned Cybersecurity Strategist out defining the role of a CISO. In a large enterprise these roles could be assigned to a member within a security team, and while not easy, the task could be broken down and addressed. The point however is that security threats do not differentiate between large enterprises or small; commercial or government entities begging the question is a CISO mind map a one size fits all?
(click to enlarge)

(click to enlarge)

If CISOs were to do their jobs to the fullest then this map would make for a comprehensive strategy and a pretty complete checklist of duties and responsibilities – yet how does one present this list to an organization that may lack the needed resources, without the CISO hyperventilating? Often smaller organizations feel like their size works as a cloaking device with an “It’s not going to be us” mentality – Hackers/breaches/ ransomware don’t really discriminate. As a result, the smaller guys still need to be prepared, even if it potentially is a different playing field.
So, how do we go about doing our job right? Let’s figure out how the needs of a smaller organization may be affected by size, resources, number of employees, and so forth. What are your top three you want to address given limitations on resources? Comment below and let’s collaborate!