Companies should assess the role of the CISO

By

The role of the chief information security officer (CISO) is at risk due to the fact that information security risks that enterprises face have been exaggerated and misunderstood, according to a security blogger.

Writing on his personal blog, executive director of information security at an unnamed firm, Dr Boaz Gelbord claimed that the industry has over-hyped threats and demanded too much time and money to mitigate risk.



Companies have also bought expensive security equipment and hired lots of security staff, but this has left some companies doubting whether they need a CISO at all.

 

Gelbord said: “Whether your company needs a CISO is essentially a question about whether your company needs a full time executive to own and manage its security narrative. Not every company has a chief privacy officer, a chief continuity officer, a chief blogging officer (yes, that one exists).

 

“But if privacy, continuity, or blogging is critical to your company, you will have that CPO, CCO or CBO. It works the same with security. So how many companies actually do need a CISO?”

 

He further claimed that "there are still a large number of companies that need a security narrative and need a CISO to own it. For these companies, the CISO function will become even more prominent in coming years. And these CISOs are as hard as ever to find".

 

Gelbord pointed to the key skills for a good CISO as being someone able to have the ability to produce change, to have an understanding of how business processes and information interact, have an understanding of the technologies used in an organisation, and have an understanding of legal and compliance issues.

 

“These skill sets are not in and of themselves so unique - any executive in a technology driven company needs a bit of each one. The tough part is finding someone who has all four skills and is actually interested in information security.

 

Some people talk about chief risk officer being the next generation of the CISO function. I don't buy this. Everything a company does involves risk, and there's only one person who is ever going to be really responsible for managing all enterprise risk. That's the CEO,” said Gelbord.

 
See original article on scmagazineuk.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
chiefcisocompaniescorporateinformationofficersecuritythreats

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?