Reiß: To start with, the function of the CISO has fundamentally changed in recent times. Previously, the main focus was entirely on technical aspects and operational security. Today, strategic alignment and management expertise are key qualifications. A modern CISO should not only handle technological risks but also act as a sparring partner for management, assess business risks, and embed information security as an integral part of the corporate strategy.
From my perspective, the most important challenges at the moment lie in implementing new legal requirements such as NIS2, DORA, and the Cyber Resilience Act. I describe the whole thing as a regulatory jungle that first needs to be understood. We’re working in a complex regulatory environment that must be interpreted pragmatically and implemented with the appropriate resources. In the end, it’s not just about ensuring compliance, but about raising the security level throughout the whole company to create greater resilience.
Do we have too many security guidelines?



