How establishing requirements properly results in best outcomes

Felicia is joined by fellow CISO Dawn Montemayor, partner at PureCyber, which is a security minded business consulting firm. Learn from two CISOs about how vital it is to use operationally mature processes in requirements definitions in order to achieve effective outcomes while avoiding toxic behavior in complex entities.

• the importance of vulnerability assessment and management requirements in contracts
• It is imperative for resource owners to be designated and held accountable to outcomes.
• Exit strategies must be established as part of the procurement process
• Lack of right to audit clauses in cloud services contracts
• How the lack of an effective paradigm leads to destructive decision-making
• IT must not be seen as the dumping ground or janitor. Instead the business must be charged back for the real proportional costs for the cost of service.
• True TCO calculations must be made as part of the procurement requirements definition.
• Systems integration and interaction maps are incredibly valuable
• IT must be seen as a business partner and involved in decision-making.
• Just because IT wants to say yes to help the business does not mean the business gets to disrespect IT standards.
• Talking to the CISO can lead to utilization of an already vetted, approved platform making the pace of business faster.
• Why procurement justification statements are imperative
• Why it is necessary to track TCO and actual costs for product and services associated with a business function
• Why it is essential to use operationally mature processes in a paradigm focused on governance, accountability, and transparency
• Why the CISO and CTO should sign off on procurement of anything for which there is not already an approved policy standard on.
• Why your CISO needs to review the contracts for a service or product before an officer of the company signs the contract
• Why business leaders must consider how their revenue is event driven
• Why the shared responsibility model is imperative. Resource owners must be defined and made accountable.