Enter the CISO: Torchbearer of Security and Risk Management

Saturday, April 06, 2013

Anthony M. Freed


In a convergence culture, accountability for risk is accepted across the organization, and when that happens, risk management becomes a priority to the business, informing strategy and objectives.

Five years ago, fewer than 25 percent of CSOs or CISOs reported to a CEO (.pdf here). Today that share has roughly tripled, and the CISO reports not just to the CEO but also to the board, chief legal counsel or the CFO.

The role has become one of torchbearer: the CISO communicates with executive counterparts about the issues that could affect the company's ability to conduct business. By helping identify and mitigate risk across finance, operations and IT, the CISO puts security in the context of what could affect profit. And that is language any CEO understands.

Security is a governance issue, and a vital part of the mission of the business. As Roland Cloutier, Vice President and Chief Security Officer for ADP Worldwide, stated in a recent interview with Tripwire, the "security organization can never be the lone risk acceptor, because it means there will be little buy-in to risk across the company."

For more background on connecting security to the business, check out the article on The Convergence of Information Security and Risk Management.

Cross Posted From Tripwire's State of Security Blog
