We propose a series of recommendations from hard lessons learned and a best practice approach to:
- Build and deliver a CISO first 100-day plan, to organise the key activities and initiatives that should be undertaken at the start-up phase, through to delivery of the final results at the end of 100 days; and
- Increase the chances of success, reduce the risk of failure and provide a platform for a new CISO to thrive in the role.

According to a study from the Enterprise Strategy Group and the Information Systems Security Association, a lack of alignment between the CISO role and the business, the C-suite and the Board of Directors can contribute to high CISO turnover. Therefore, it’s essential for a new CISO to have a plan and be able to communicate it consistently to all the key stakeholders.