IT Security: Does Your Business Need a CISO?
Most people see the title CISO (Chief Information Security Officer) and automatically assume that it
is a role handled solely by the IT department. While this is true, it is only part of the CISO's scope
of work, mainly because the role also includes an IT security consulting services function. To
be effective, a CISO must have a broad perspective that allows them to do the job of
information security properly.
John Lyons, the chief executive of the International Cyber Security Protection Alliance, goes as far
as to recommend that a CISO should be made an independent function altogether—one that is
unencumbered by other agendas within the IT department.
He believes that the best people for the job should be given a budget to work with at their
discretion, so that they can effectively keep both cyber attacks and costs at bay.
“If you have a CISO reporting through a CIO (Chief Information Officer) or if you put the
cybersecurity budget in the technology budget, then the security spend gets lost among other
priorities…it's right to segregate out the expenditure on security as a discrete part of the overall
spend in the company,” Lyons added.
Does your business need a CISO? Here are the tell-tale signs that your organization stands to
benefit from one.
1. You need to cut costs.
Every business wants to reduce costs, but nobody wants to do so at the expense of ending up with
low-quality and inadequate security.
32 Cyber Warnings E-Magazine – October 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide