Finosec Official Blog

Staffing Questions

Apr 21, 2022 10:15:00 AM / by Finosec

In a technology-driven industry, it is easy to assume that most of the decisions made around your cybersecurity posture are related to tools and software. While that may be the case a majority of the time, FINOSEC President and CEO Zach Duke also raises questions and awareness about the impact of staffing on your cybersecurity and information security environment. In the video below, Zach poses questions around ISO independence, support infrastructure, and how to navigate staffing limitations. Watch the video and come back after the break for further discussion.




Zach offered three critical questions that those in executive leadership can ask about their staff as it relates to cybersecurity and information security. 


  1. The regulatory expectation is that the Information Security Officer (ISO) should be separate from IT, so the question is: does the ISO have independence in that role? Can they add administrative accounts or make changes to systems? If so, a critical follow-up question is whether you are okay with that business risk and the associated regulatory risk. Being aware of these elements is vital.
  2. Local community banks often see staff wearing multiple hats, and the ISO is not always an exception. The question here is one of support infrastructure: What is the expertise of your staff, how were they trained, and what tools and software are in place to guide and help them? Identifying these components can help you support both new and existing staff.
  3. Based on the previous two questions, Zach poses a third: what are the staff unable to work on? If your team is unable to implement technologies and initiatives, it is worth examining question 3 in light of the first two questions. That is, if there is something your team is unable to do based on the regulatory criteria of ISO independence or lack of support infrastructure, how can that realistically be addressed? 

If you would like to continue this conversation around these questions, we invite you to join us at FINOSEC Academy. We hope to see you there!
