In a convergence culture, accountability for risk is accepted across the organization, and when that happens, risk management becomes a priority to the business, informing strategy and objectives.
Five years ago, fewer than 25 percent of CSOs or CISOs reported to a CEO. Today that share has tripled, and they report not only to CEOs but also to a board, chief legal counsel or a CFO.
The role has become one of torchbearer, communicating with executive counterparts about the issues that could affect the company's ability to conduct business. By helping identify and mitigate risk across finance, operations and IT, the CISO puts security in the context of what could affect profit. And that is language any CEO understands.
Security is a governance issue, and a vital part of the mission of the business. As Roland Cloutier, Vice President and Chief Security Officer for ADP Worldwide, stated in a recent interview with Tripwire, the "security organization can never be the lone risk acceptor, because it means there will be little buy-in to risk across the company."
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.