General Counsel Must Guide IT Security

IT security controls are a blend of tooling and skills used to reduce organizational cyber risk. Implementing these controls requires determined leadership. Often there is a gap between what is written in IT policies and what is actually implemented. Closing these gaps is the function of the general counsel. Organizations must rid themselves of aspirational statements and maintain a core set of “must-have” IT security policies. It is vital that the general counsel guide emerging IT security leaders as they cultivate their own leadership philosophies. Help them to align their leadership philosophy with the organization’s risk management objectives. What kind of leader they become is critical to their ability to build a competent team. For example, are they an inclusive leader? A situational leader? A principled leader? The general counsel’s guidance here cannot be understated. Developing a leadership philosophy will help them guide their technical teams during a crisis to make informed risk management decisions before you become involved.