In this chapter, we’ve described how information security teams need to work with their customers and stakeholders to establish a risk management framework based on the company’s defined risk profile by implementing the strategic risk concepts of risktascity. Furthermore, we have discussed that although managing risk is a critical element of all cybersecurity programs, there are other factors that are equally essential to increasing maturity. These include building and sustaining the right relationships, both inside and outside of the company; establishing a culture of cybersecurity—a mental model of safety for all members of the company, not just the information security team; focusing on performance measures that both demonstrate the contribution the information security team makes to achieving strategic business outcomes and ensure that the information security team is invested in personal growth and wellbeing; and the role of the CISO in cementing the tone from the top related to customer intimacy, empathy, respect, engagement, inclusion, development, and continuous improvement. An information security team will be constrained in its effectiveness if it focuses only on securing the enterprise at the expense of important business outcomes and experiences. In this context, developing emotional intelligence and empathy in our cyber warriors will exponentially improve cohesion and continuity and significantly reduce derision, distrust, disdain, and cultural declination.
Combining Technology, Public Policy and Economics to Create a Sustainable System of Cybersecurity