What the CSO says and what other executives hear Translation TableWhat the CSO SaysWhat the CEO HearsWhat the CFO ThinksWhat the CIO MuttersWe should run an independent audit to create a baseline profile of our company’s security practices and needs.We should pay some consultant to come in here and figure out that you’ve been using the corporate jet to weekend in Cabo. Of course, we have our own audit group, but that apparently doesn’t drain enough resources for Captain Cost Center.You couldn’t possibly understand my complex systems well enough to audit them.Corporate espionage is a risk we can’t ignore. We should start an internal awareness campaign. Corporate espionage is an opportunity we can’t ignore. We should start a campaign. Awareness campaign? Tell you what, Señor Spendthrift, why don’t we just start a bonfire and use revenues as kindling.Awareness? Are you aware that you couldn’t possibly understand my complex systems?The company should think strategically about risk. Security can contribute to the bottom line. I want a key to the executive washroom, stock options and a raise.Eliminating Joe Millionaire over here would contribute significantly to the bottom line.Our biggest strategic risk is if you think you could possibly understand my complex systems.An adequately trained and motivated security staff is essential for a secure work environment.A motivated security staff could essentially do anything it wants to the company.Hold on, Richie Rich. A CPP training class is gonna cost what???No amount of training could possibly help your staff understand my complex systems.Risk is risk, whether you’re talking about IT or physical infrastructure. I’ll lead our effort to mitigate all risk.I will gladly be your fall guy.Great. Now Spendy the Clown can be the fall guy.You can be the fall guy when my complex systems are hacked, even though you couldn’t possibly understand them.17CSO0603.smp Related content news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry news UK data regulator warns that data breaches put abuse victims’ lives at risk The UK Information Commissioner’s Office has reprimanded seven organizations in the past 14 months for data breaches affecting victims of domestic abuse. By Michael Hill Sep 28, 2023 3 mins Electronic Health Records Data Breach Government news EchoMark releases watermarking solution to secure private communications, detect insider threats Enterprise-grade software embeds AI-driven, forensic watermarking in emails and documents to pinpoint potential insider risks By Michael Hill Sep 28, 2023 4 mins Communications Security Threat and Vulnerability Management Security Software news SpecterOps to use in-house approximation to test for global attack variations The new offering uses atomic tests and in-house approximation in purple team assessment to test all known techniques of an attack. By Shweta Sharma Sep 28, 2023 3 mins Penetration Testing Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe