Aligning Cybersecurity Controls With Business Risk Appetite
Matt Gordon-Smith on Corporate, Operational Approaches and Building Diverse Teams
When aligning and implementing controls with business risk and the organization's risk appetite, the corporate side of the business is chiefly concerned with the confidentiality of data, while the operational side cares most about availability. Different approaches are needed to get the right outcome for each, said Matt Gordon-Smith, former CISO at Gatwick Airport.
The need for different approaches is also one of the reasons it is important to build diverse teams. Leaders need to look at the aptitudes and attitudes of the people they are bringing in and determine whether those people can bring skills from elsewhere in the business and apply them to information security.
In this video interview with Information Security Media Group, Gordon-Smith discussed:
- Improving business decisions with better risk information;
- How to write job descriptions that can help widen the organization's skill sets;
- How to find security talent outside of the existing information security community.
Gordon-Smith, who led security at Gatwick Airport, is an adviser to EasyJet. He has more than 20 years of experience across multiple disciplines and business sectors at several global organizations, balancing technical knowledge and expertise with stakeholder engagement.