The 'Bargain' You Cannot Afford


One of our readers noted this sentence in a recent blog post of ours as a key point in Pythia's value proposition:

"IT security folks accept responsibility for cybersecurity but not for keeping management informed and management pretends to oversee what they merely watch."

(Read the whole blog entry here. Watch a cool scene from the opera Faust here.)

This is, as the post noted, a Faustian bargain, to wit: one enters into an agreement with the Devil to trade something such as his/her soul in exchange for something the Devil can offer, typically youth, beauty, riches, fame, knowledge -- the usual. You may be an atheist or a devout attendee of your congregation, but in either case you know that this is not going to end well for the person entering into the trade.

So it is with the relationship between the CISO and executive leadership. And you know which one is the Devil...right...?

Exactly.

Who, actually, is making the bargain with whom? IT Security people get funding and few questions, while management gets to say they have a cybersecurity program without having to learn about it. 

When you as a leader avoid learning what your cybersecurity program protects, how you know your cybersecurity protection works, or how it protects what you value, you are throwing money away. Remember, just as you do not have to become an accountant to understand your business' finances -- and you attest regularly that the financial statements are correct, don't you -- you do not have to become a cybersecurity engineer to understand your cybersecurity risk management program.

When you as a cybersecurity leader (e.g. a CISO) cannot learn what your company values, how your system creates an environment that enables access to those who should have it and denies it to those who don't, or when you cannot explain how you know your cybersecurity protection works, you are creating liability that endangers your company's reputation, customer base, intellectual property, and cash flow. Don't perpetuate the double standard!

Instead of finger-pointing and blame, ask us how we at Pythia will work with you to create a functional, rational, reasonable, and provable approach to cybersecurity. Your goal is to create a cyber-secure environment within which your company can thrive. We can help you get there.

It will cost a lot less than your soul, too.


Illustration by Adolf Gnauth / After Julius Nisle - scan from: Johann Wolfgang Goethe: Faust. Der Tragödie Erster Teil, mit Illustrationen aus drei Jahrhunderten, hrsg. von Hans Hanning, Berlin: Rütting & Loening 1982, 2. Aufl., S. 123., Public Domain, https://commons.wikimedia.org/w/index.php?curid=3483163

