The challenge of leadership is to optimally affect the ongoing course of organizational evolution, to be the change agent directing this evolution. Culture and leadership are two sides of the same coin. If cultures become dysfunctional, it is the unique function of leadership to perceive the functional and dysfunctional elements of the existing culture and to manage cultural evolution and change in such a way that the group can survive in a changing environment.
Leadership … is the ability to step outside the culture …and to start evolutionary change processes that are …adaptive. This ability to perceive the limitations of one’s own culture and to develop the culture adaptively is the essence and ultimate challenge of leadership.
This aspect of leadership—to change the larger culture in the direction of information security— must be part of any CISO’s job description. Until and unless “the information security way of seeing the world” becomes a part of the organization’s culture, the organization is dysfunctional. Every time there is an information security breach whose root cause is human, that’s evidence of the dysfunctionality.
With this in mind, the CISO, must step outside the culture and look at it from the outside, molding and shaping its evolution, so that, over time, people are doing the right thing: they’re being careful, they’re paying attention, and they are even training each other—all because an information security mindset has become embedded in the larger culture.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment