1. The importance of understanding the organization and context
Security is for business, not against business.

Although the primary task of the Fractional CISO is to ensure that the security of the Company's information is adequate to its characteristics, needs and resources, the Fractional CISO must also work in favor of the achievement of company objectives and keep the impact on operations to a minimum.


This is why it is essential to acquire knowledge of the reality of the organization before carrying out any intervention.


Each company has characteristics (market, products, processes, culture, organization, complexity, regulations, etc.) that differentiate it to varying degrees from the others.


To intervene on security it is essential to understand how the company really works, how it produces value, which elements are vital to its operation, how it is organized, and what its objectives are.


The Business Model Canvas, a method created to evaluate the Business Plan of a startup, is a simple and effective tool that helps the Fractional CISO and the Company to explain, organize and quickly share the most operational parts of this information.


Understanding other aspects, such as culture and management style, takes more time, but it is equally essential to set up an effective and sustainable Security Program for the Company.


Information security must permeate the company by adapting as much as possible to processes and people, a bit like Kevlar fiber, which strengthens a fabric while maintaining its shape and functionality.