Introduction to Cybersecurity Management by Kamata Keisuke

Author: Kamata, Keisuke
Language: eng
Format: azw3
Published: 2019-04-15T16:00:00+00:00


c) The Role of Managers in Intermediate Position

Managers play important roles in promoting cyber security. Success in cyber security management depends on effectively assigning managers to intermediate positions who have both technical and management skills. These managers have different responsibilities and challenges.

Figure 4-1: Role of Managers in Intermediate Position

The role of managers starts with updating information on the company’s assets and carrying out risk assessments under the instruction of the executive managers. Under the management policy, they adopt the schedule for security management and supervise its execution. They are then required to proceed to further response after revealing the risks in the company’s cyber security. They report to executive managers and execute risk management across the entire company. Combining various perspectives becomes important when creating the various types of further responses: a long-term perspective at the management strategy level (up to several years), a mid-term perspective at the planning level (from one month to several months), and a short-term perspective at the operational level (from several days to several weeks).

If cyber security countermeasures are not enough, it is important for managers and executives to discuss business continuity and risk management perspectives regarding the company’s future.

There are likely many managers in charge who reassure their executives that the “security countermeasures are running fine.” However, when damage from a cyber-attack is inevitable, it is important to explain that a security response was carried out, but that the company has a particular vulnerability in light of the latest trends in cyber-attacks, and that “there is a necessity for additional responses.” The main point of this attention to the truth is not to show the vulnerability in your company’s security, but to discuss the latest changes in the world of cyber-attacks and whether your company is able to keep up or not.

In this case, instead of making detailed technical explanations, one should create an image of the real result of a cyber-attack in the executives’ heads. To succeed in communication with executive managers, it is important to know their personalities. Corporate executives are often sensitive to the contents of newspapers and news, and often do not prefer technical explanations (of course, there are executive managers with a strong interest in technical matters). For those who work directly with the risks of cyber-attacks, the instructions and expressions of executive managers may seem ridiculous. That is why a report to executive managers is more successful when it is made by a manager who has general knowledge of technical matters (and understands the matter in general terms), rather than by a specialist.

When a company is larger, different styles of reports are required in order to deal with multiple executive managers in cyber security related positions who have different levels of cyber security literacy and recognition.

To understand the dangers of the actual harm done by cyber-attacks, executive managers should have some knowledge of cyber-attacks. Ideally, executive managers should be given regular lectures on cyber-attacks.


