This blog post explores ways that CIOs can better empower CISOs and help drive cybersecurity priorities within their organization.

Sentinel One – Mani Keerthi Nagothu
CIOs invest in leading-edge technology that helps employees work better, and they champion an ongoing process of digital transformation. If the CIO is paving the way on this journey, the CISO makes sure the vehicle is safe to operate, tuned, and regularly maintained so it runs without issue. To achieve this, CISOs are responsible for building business-specific security policies, finding ways to reduce overall cyber risk, and building up cyber resilience through people, process, and the right technology.

Though the CISO role has traditionally reported to a company's CIO, some in the cyber community have questioned whether this arrangement drives or hinders an organization's ability to prioritize cybersecurity needs. The focus, however, should instead be on examining the key responsibilities of both roles, analyzing the common conflicts of interest that arise between them, and finally, understanding how CISOs and CIOs can work in tandem to enable both business operations and cybersecurity. Below, we examine three shared functional areas that each role manages differently and where there is room for alignment.

1) Managing Conflicting Priorities

CISOs are empowered when they are recognized as the voice of authority on security for the organization and collaborate as an equal to the CIO. By sharing knowledge, CIOs and CISOs can identify areas needing improvement and work together toward a common goal.

2) Understanding Budget Prioritization & Justifications

Though a CISO may report to a CIO within an organization, senior leadership may choose to separate the IT budget from the cybersecurity budget. Even when the budgets are divided, it is critical for the CIO and CISO to work collaboratively, brainstorming to understand where they can align on business objectives and streamline expenses on both sides.

3) Prioritizing Business Risks

Instead of reporting on how many times the security team responded to events, the narrative may focus on missed alerts or portray investment in new solutions as a cost center. A benefit of having a CISO report to a CIO is the recognition that usability and security are not at conflicting ends. In partnership, transparency and open collaboration between the two roles support the goal of building cybersecurity hygiene. Security risks can then be evaluated and mitigated throughout an organization's IT infrastructure.
Link: https://www.sentinelone.com/blog/navigating-the-ciso-reporting-structure-best-practices-for-empowering-security-leaders/
