I recently moderated a panel on the topic “Should the Role of the CISO be more
independent” at the TOP 100 CISO award function in Mumbai, India.

The increasing awareness of the vulnerability of organizations to cyber-security
risks such as corporate espionage and compromise of intellectual property,
resulting in service failures and reputational damage, has made visible the
gaps in appropriate cyber-protection strategies.

Unfortunately, these changes have not yet resulted in raising the visibility of
the CISO function or enabling a higher degree of autonomy for the role. The
limited exposure of the CISO’s role to the organization’s CEO significantly
limits the ability of the CISO to articulate such risks in a contextual manner
to the business, consequently reducing the CEO’s visibility into cyber-security
risks that could eventually impact profits & growth.

Over 60% of today’s CISOs still report to the CIO, and are considered a part of
the IT function. In a recent show of hands by the Top 100 Indian CISOs during a
panel event I moderated, over 90% voted for a more independent yet empowered
structure. Most CISOs felt that the heightened accountability of the function
should correspond with increased powers over budget allocations, technology
adoption, recruitment decisions and operations.

In a poll which I ran amongst a few members of the ISF (Information Security
Forum), the respondents emphatically voted for an independent & empowered CISO
function which they felt would make the role more effective and strategic.

Involving the CISO in the strategic decision-making process will ensure that
security is accorded due priority. In the near future, it is very likely that
CISOs will play a strategic role due to the rising cost & impact of cybercrime,
and the adoption of business & technical changes due to consumerisation and the
cloud.