
Over the last two years, cybersecurity has seen a seismic shift, and security objectives have had to evolve in response.
The world of work was turned on its head by the pandemic, creating security headaches relating to remote and hybrid working. Digital transformation has expanded your potential “attack surface”. At the same time, the threats you face grow ever more sophisticated.
With the issuing in March 2022 of the SEC’s cyber regulation proposal, Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, the pressures on CISOs to get security right are only intensifying.
To tackle the growing range of cyber risks, keep their information security strategy relevant and align it with their organization's overall governance, risk and compliance (GRC) framework, CISOs need to review their security goals and objectives regularly. What should information security objectives look like in 2022?
There may be debate around the fundamental objectives of information security. But as a whole, security objectives around computer networks and systems coalesce around three themes.
What are the three objectives of security? They are generally agreed to be confidentiality, integrity and availability: keeping data accessible only to those authorized to see it, keeping it accurate and unaltered, and keeping systems and data reachable when they are needed.
Achieving these main goals relies on a number of other security objectives. With that, in 2022, the CISO’s objectives should also include:
The NIST Cybersecurity Framework is a set of US federal government guidelines for organizations around preventing, detecting and responding to cyberattacks.
The NIST Cybersecurity Framework splits security principles into five core functions; each represents a key step in an organization’s security program.
The NIST core functions align closely with the security objectives of confidentiality, integrity and availability. By looking at both in parallel, you can ensure your cybersecurity strategy is designed to fit with NIST’s guidelines and achieve the three core information-security objectives.
In such a fast-moving field, security objectives cannot be static or even sluggish. Cyber threat actors refine their attack strategies all the time, and because the main objective of information security is to repel these threats, CISOs cannot let their guard down.
And this doesn’t end at your network’s perimeter. As we touched on earlier, organizations’ attack surfaces have become bigger and more fluid for several reasons, including remote working and growth in the number of devices accessing corporate systems. This is leading many organizations to adopt zero-trust security frameworks to bolster their defenses.
Then there’s the need to consider those outside your perimeter. The need for robust third-party risk management has led Security magazine to place “Increased Scrutiny on Software Supply Chain Security” at the top of its list of Cybersecurity Predictions for 2022.
All too often, though, threats originate far closer to home: a Yahoo Finance article argues that insider threats, and organizations ill-equipped to respond to them, are 2022’s biggest risk to cyber security.
Looking both inside your organization, using audits and controls to detect potential internal threats, and beyond your walls to review third-party risks, should be among your core objectives for 2022.
Success as a CISO means setting security objectives that align with the external landscape and equip your business to respond to fast-changing cybersecurity threats. Ensure you’re always on the front foot by subscribing to Diligent’s Governance, Risk and Compliance (GRC) newsletter.
The regular newsletter showcases the latest reports, blogs, industry insights and thought leaders, giving CISOs the lowdown they need on all things GRC.