Intelligent CIO North America Issue 35 | Page 46

CIO OPINION
On the other hand, in some situations it makes more sense for the CISO to report to the CIO. Let's say we have a CIO that has made a name for themselves as a strategic business leader, and understands that risk management, especially cybersecurity, is critical to success.

Alternatively, if the business is in an industry with substantial regulatory obligations, such as a retailer working under PCI DSS or a financial firm looking to comply with CBEST, reporting directly to the General Counsel's office makes sense.

There is no one-size-fits-all model, and every firm should explore the structure that aligns with their security objectives and imperatives.

Security demands have changed drastically, and the CISO role must evolve to match.

In today's more complex digital world, security has moved away from pure technology to merge with organizational risk management. Cyber-risk intersects with every element of the organization, so it must be treated as a strategic business function rather than a niche technical concern.

Divisions often arise because security is often perceived as the final step. IT may feel they've worked hard to produce some fantastic new software, only for the 'Department of No' to spring into action with their red pen to cause delays and headaches.

Or perhaps the security team feels they have been forced to scramble around and find a solution that will keep a critical new piece of architecture from causing catastrophic security issues. No one told them about it until a few days before the launch date.

Both teams feel wronged by scenarios like this, and these late-stage conflicts will only harm the company they're both working to improve.

Instead, IT and security need to work closely together from the beginning, from application ideation to architecture design, right through to the final review stages.

This means all the due diligence around vulnerabilities and risk exposure will be completed initially and security will be baked into the resulting product or project. This is exemplified in the DevSecOps approach, with security being interwoven throughout the development lifecycle rather than being a final hurdle.

As such, CISOs must be able to function as central leaders in combating risk across the business. This means having a seat at the table and being free to work alongside their CIO counterparts, not against them.

With CIOs and CISOs working at the same level, from the same page, IT and security can finally bury the hatchet and work together as they help their organization on its Digital Transformation journey.