Brad Gorka, CISO at Veritiv, describes how nearly 30 years in information security have reinforced one principle: assess the people first, then build the program. Running lean teams across organizations of every size, he explains why the essence of security strategy is deciding what you won't do, and why the CISOs who set honest scope build teams that actually deliver.

We can find ourselves hostage to a person in IT who alone holds access to key programs and data. How do you prevent such a vulnerability, and what do you do if it’s too late? Here are three practical plans to work through.

Good AI policies are easy to get your hands on and modify. Good adoption of those policies is a different matter. It's not in the policy, it's in the presentation.

CISOs are overwhelmed and often short-term. Neither need be. As CIOs, you have the opportunity to make them a hero. You just need to help them through one big problem with three strong moves.

Boards don’t want to get caught in a crisis, let alone one in which they were warned but caught unprepared. Boards need to challenge the paradigms by which they think of security, increase their knowledge of security as a business strategy, and respond with concerted management, strengthened posture and preparation.

The CIO and board of directors must implement a new dashboard that indicates secure risk management, business alignment and incident responses are in place and functional.

Cyber-crime costs to the world will double in a six year period ending in 2021. More reports of attacks give rise to a gnawing sense of inevitability. As leaders in the fight, there is only one strategy that safeguards our companies. Inevitability must promote “Response-ability.”

It’s difficult to know the answer in the changing landscape of digital transformation and the roles of C-Suite Executives. The CIO is now being seen more as the right hand to the CEO. But does that mean everything the CIO contends for is worth the investment?