Why CISOs Shouldn’t Report to CIOs in the C-Suite


Cybersecurity plays a critical role in enterprises today. Over the past 15 years it has evolved from a fringe function into one that affects every person in every business. This shift will continue as attacks become not only more frequent but also more damaging in their effects.


A critical change in how organizations treat cybersecurity revolves around the reporting structure for chief information security officers (CISOs). One reason that there are more frequent and more severe breaches relates to CISOs not having a proper “seat at the table” with the executive team.


Where Should the CISO Fit in the C-Suite?


For greater accountability, a CISO should report to the chief executive officer (CEO) or to another C-suite executive who is not the chief information officer (CIO). Strong integration and interaction between the CISO and the rest of the C-suite gives organizations greater resilience and protection.


Historically, information security professional roles developed out of the information technology (IT) discipline. Firewalls were one of the initial critical security devices, and the networking teams were responsible for these systems. Next came intrusion detection and prevention systems. More components developed out of networking and IT, such as proxy servers, email protection, identity and access management and so on.


With IT leading the way for information security, it made sense that the senior security professional came from the IT department. We are at a crossroads today: security needs to move out from under IT and be treated as a business risk rather than a technical problem.


Information security is a business risk, not simply a technical risk. According to the IBM Cost of a Data Breach study, ..
