John Carlin and Aspen Institute Publish Report on Evolving Role of CISOs>
–
John Carlin and Aspen Institute Publish Report on Evolving Role of CISOs
October 4, 2023This report seeks to provide context on the current expectations and responsibilities placed on corporate CISOs; describe how those responsibilities reconcile with the authorities CISOs generally have and realities they face on a day-to-day basis; and provide high-level, structural recommendations on how business organizations can ensure that their CISO is equipped to protect business systems and achieve institutional objectives in this changed environment.
The report is designed to be accessible to the general public, and also to be a tool for CISOs, corporate executives, and board members to assess whether their organization, and their CISO, is structured to be able to address the range of cyber-related risks entities grapple with on a daily basis.
The report recommends that organizations:
Ensure CISOs’ authority align with all aspects of an organization’s business functions
Include CISOs in senior level strategy, governance, and risk management processes
Ensure CISOs have a role in decision-making for large-scale business, product, and procurement decisions
Ensure CISOs have access to senior leaders and board members, regardless of the organization’s specific reporting structure[2]
Link: https://www.paulweiss.com/practices/litigation/cybersecurity-data-protection/publications/john-carlin-and-aspen-institute-publish-report-on-evolving-role-of-cisos?id=48411