The Increasing Role of the CISO in Operational Resilience

April 15, 2022

As supply chain attacks and disruptions become more common, Interos sees an increased need for the Chief Information Security Officer (CISO) to take a more proactive role in business continuity and risk management in order to achieve operational resilience. This need is discussed in detail in Michael Rasmussen’s paper, www.interos.ai/mikesbloglink/ from GRC 20/20 Research.

Michael is a well-known figure in the cybersecurity and governance, risk management, and compliance (GRC) community. He was for many years a top Forrester Research analyst and now runs GRC 20/20. His paper lays out, in both approach and goals, why operational resilience is an achievable task for the CISO.

CISOs Must Consider Business Continuity and Risk Management

Operational resilience is the ability of an organization to plan for supply chain disruption, execute that plan correctly when disruption occurs, and take advantage of the new situation. Many organizations lack the agility to deal with supply chain disruption because they fail to treat it as a regular part of business continuity and risk management planning. Recent events have shown how some organizations were caught entirely off-guard by disruption while others pivoted and thrived.

The CISO’s role is to protect the organization. That role is now expanding to include active threats, including supply chain cyber disruptions and risks. A supply chain can be disrupted by a cyber-attack, or because a supplier is found to be using counterfeit goods or is subject to sanctions. The recent Log4J event highlighted this problem. Most vendors provided a patch, which was the most straightforward remedy. Where that was not possible, some vendors’ solutions had to be repositioned within the network behind a Web Application Firewall (WAF). Still others that could not be mitigated had to be removed and replaced, which was the most disruptive outcome.

Supplier issues are addressed in the same way. A supplier may suffer a cyber breach, but most can address this with patches and a constructive approach to resolving the problem. Suppliers found to be using counterfeit goods may have some products discarded or re-worked with new material, fixing the problem. But a vendor who cannot come into compliance, or who has fundamental issues such as bankruptcy, must be replaced, which has the most negative effect on the organization. To address this proactively, the CISO must consider risk factors beyond cyber. They must coordinate with the other teams within their organization on business continuity and risk management concerns, and ultimately guide executive leadership on the best way to achieve operational resilience and prepare for supply chain issues.

The GRC 20/20 paper addresses this subject in detail. Interos suggests you review it and draw on Rasmussen’s vast experience to learn the best approaches for a CISO to become a master of operational resilience. To learn more about the Interos platform, and how it can help CISOs with challenges tied to business continuity and risk management, visit interos.ai.
