- Forrester Councils
- Councils Overview
- log in
Posted by Andrew Rose on August 5, 2014
Sometimes ambiguity has power — the power to capture the zeitgeist of a movement, culture, or vision without getting dragged into the weeds about what really is or isn’t included; it provides time for an idea to crystallize, become defined, or reach critical mass.
That (somewhat arcane opening paragraph) sums up where I feel we are with regard to the term "cyber." We all know that it has crept into the security and risk (S&R) lexicon over the past few years, but, by managing to avoid clear definition, it’s become all things to all men — a declaration that “information security is different now” but not quite saying how. Think about it: If the US Department of Defence and the standards body NIST aren't aligned on their definitions of cybersecurity, how can we expect CISOs and business execs to be?
I have spoken to numerous S&R leaders recently, and, although there was a fair amount of discord, the CISO of one global financial services organization best summarized the prevailing perception:
"’Cyber’ is something coming from the Internet attacking our infrastructure assets. We're not classifying internal incidents as cyber, otherwise it makes no sense for us to have another word for something that is a classical security incident. It's about the external and internal distinction."
Cartoon included by kind permission of http://www.kaltoons.com/
What has been interesting is seeing how many S&R job titles are being revisited to include "cybersecurity" alongside information security; in some cases, it even replaces information security altogether. At first glance, this may appear to be a trivial rebranding, merely putting lipstick on a pig, but it’s not; this role redefinition is actually an astute move by S&R professionals. They are:
Like it or not, "cyber" is part of our language now. It encapsulates an innate fear that capable, external attackers can steal our customer data or take our critical systems offline at will. As security has become more visible and more of a concern to customers and board members alike, S&R professionals need to use all possible techniques to ensure that they are seen to be fighting the good fight in every way possible. If tweaking your job title helps, then do it.
Lead BT Transformation
Develop customer-obsessed strategies to drive growth »
Forrester's CX Index
Predict how actions to improve CX will affect revenue performance.
Measure the customer experiences that matter most »