Discussion Assignment

CISO'S POLICY COMMUNICATION STRATEGY

WEEK 4 DISCUSSION





The chief information security officer, widely known as the CISO, is a senior-level executive vested with the powers and responsibilities of developing and implementing security measures and relaying reports on security issues, including data breaches. Under the new regulations on security and data breach communication and reporting, the essence of the CISO's role is to design and implement information security programs and to ensure that the policies put in place are well developed and protect the enterprise against possible data breaches (CISOSHARE, 2021). Beyond the roles mentioned above, CISOs also take sole responsibility for all security operations within an enterprise, conduct cyber-risk and cyber-intelligence work, and plan, buy, and roll out security architecture, including hardware and software configuration, alongside program management. Based on recent changes, CISOs have been given the mandate to communicate and provide ongoing reports on issues related to security and data breaches. This discussion paper covers various approaches and strategies that CISOs could deploy to communicate and report incidents associated with data breaches and security threats within an organization.

Literature review.

As mentioned earlier, CISOs play a critical role in ensuring the security of a company's assets and systems. For the new data breach policy to be communicated effectively, there is a great need to prepare by activating the data breach and crisis communication team (CISOSHARE, 2021). These are the first people to receive information about a suspected data breach incident. Before the incident is communicated, the established crisis communication team must be alerted by phone and briefed on the situation, including the impacted areas, and departmental spokespeople must be identified so that the current state of the data breach, along with what employees in each department need to do, can be shared easily.
Besides that, through the established crisis communication team, employees will be notified about the data breach and instructed to safely remove all external devices attached to their computer systems or devices to prevent further damage to the systems. Another important communication and notification strategy for data breaches is taking the reins and instilling confidence in employees and the organization. During communication, the IT security team should be empowered to inspect networks to eliminate secondary attacks (CISOSHARE, 2021). The briefing may be done using questions and answers to pinpoint which of the company's systems have been affected and the type of attack, whether severe or not, and to provide guidelines on what ought to be done next and the expected outcomes.
During the briefing, the CISO will also remind the employees, the management, and other stakeholders of the importance of remaining calm on the matter and of protecting their brand by keeping confidential data confidential.


Data breaches have become rampant, and there is a great need for CISOs to employ better communication strategies that could help reduce the impact of these incidents. Through rolling public updates, briefings, and activating the risk communication team, CISOs will be able to provide enough details about security threats to help reduce their impact (CISOSHARE, 2021).


CISOSHARE. (2021, July 12). Tips for communicating with stakeholders about security. Leaders in Information Security Program Development. 


Tiller, J. S. (2016). CISO’s guide to penetration testing. 

Warjiyo, P., & Juhro, S. M. (2019). Policy transparency and communication strategy. Central Bank Policy: Theory and Practice, 349-384. 
