protect key corporate assets: organization reputation, customer confidence, market
share, intellectual property
For the past twenty-plus years I have seen the Information Security function embedded within
the Information Technology discipline regardless of organization size, industry vertical, even
geographic / country location. The fact remains that having Information Security embedded in
the Information Technology discipline results in the role being strictly technical and often an
afterthought within the organization. This type of alignment has been shown to be inefficient and
costly, clearly pointing to business executives determining that security needs better
management and leadership. This is why organizations need to help CISOs evolve into
CBSOs.
The CISO is the senior-level executive responsible for establishing and maintaining proper
levels of protection of corporate assets: organization reputation, customer confidence, market
share, intellectual property, brand protection, and employee protection, to name a few. These
corporate assets go beyond the traditional Information Technology discipline into all areas and
processes within the organization. The trend today is for the CISO to report directly to the CIO.
For an organization to support the CISO’s evolution to a CBSO, it needs to have the
CISO report to a senior business executive: CFO, COO, or even the CEO.
If CISOs want to remain the most senior security and risk executives within their respective
organizations, they will need to rethink the roles and responsibilities of the security organization,
its top priorities and enterprise-wide initiatives, and the services and ultimately the “value” the
security organization brings to the business. CISOs must also reexamine the individual skills
they build within the security organization and embrace a fundamental redesign of security
architecture and processes. CISOs willing to embark upon the journey of evolving into a CBSO
will embrace the organizational alignment necessary to allow them to succeed. Chief
Information Security Officers need to view themselves as the Chief Business Security Officers
within their organization and start their transformation today.
The keys to making the CBSO role successful are independence, empowerment, and position.
The CBSO needs to be:
• Independent of influence or pressure from those affected in the protection of corporate
assets
71 Cyber Warnings E-Magazine – May 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide