3.7k views
3 votes
A Chief Information Security Officer (CISO) of a large financial institution undergoing an IT transformation program wants to embed security across the business rapidly and across as many layers of the business as possible to achieve quick wins and reduce risk to the organization.

Which of the following business areas should the CISO target FIRST to best meet the objective?

A. Programmers and developers should be targeted to ensure secure coding practices, including automated code reviews with remediation processes, are implemented immediately.

B. Human resources should be targeted to ensure all new employees undertake security awareness and compliance training to reduce the impact of phishing and ransomware attacks.

C. The project management office should be targeted to ensure security is managed and included at all levels of the project management cycle for new and in-flight projects.

D. Risk assurance teams should be targeted to help identify key business unit security risks that can be aggregated across the organization to produce a risk posture dashboard for executive management.

by User Shadowland (7.9k points)

1 Answer

1 vote

Final answer:

The CISO should target the project management office to integrate security from the start of IT projects, ensuring a rapid and foundational spread of security measures across the business.

Step-by-step explanation:

The CISO should prioritize targeting the project management office first to embed security across the business effectively and swiftly. By ensuring security considerations are included at all levels of the project management process, the CISO can achieve rapid transformation and risk mitigation across new and in-progress IT projects.

This approach leverages existing workflows and maximizes the impact of security measures by integrating them into the foundation of IT project structures. Addressing project management processes secures the organization from the beginning of any technology deployment or change, rather than retrofitting security as an afterthought—thus aligning with the principle of 'secure by design.'

Furthermore, this direction ensures that all involved parties, from programmers to risk assurance teams, understand their role in the security landscape from the outset, streamlining the implementation of secure practices across the organization.

by User Tenaya (7.8k points)