There’s a new star rising in an already burgeoning C-suite. Thrust into the limelight in response to the evolution of cyber threat, this star is responsible for one of business’s most highly prized assets: information. The CISO (Chief Information Security Officer) is an information security specialist, and has become one of the most highly sought-after candidates out there. Earlier this year, the CISO role got even more attention when US President Barack Obama announced plans to hire the first ever Federal CISO. Not a role for the faint-hearted, we should imagine.
This announcement confirmed what many businesses already knew: CIOs have enough to do without having to deal with security issues too. The CISO might not be a new role, but in the face of so many high profile hacks and security breaches it has become an invaluable one.
However, not all companies appear to have security front of mind. According to the Cyber Security Job Trends survey conducted by Cybrary, only 49% of the senior technology professionals questioned said their companies employed a security-dedicated CISO. It’s time that changed, so let’s look at the CISO in a bit more depth.
What is a CISO?
The role of the CISO is to protect the organisation from all digital security threats – both now and in the future. He or she is responsible for executing, protecting and measuring the business’s security strategy, as well as ensuring it is communicated to all stakeholders across the organisation.
It is a role that mixes strategic thinking with tactical skills and true CISOs will know the systems they are recommending inside out.
What does a CISO do?
Although there is no specific career path for CISOs, the majority tend to come from an IT or IT security background. A dedicated CISO offers a wealth of knowledge about the cyber threat landscape and a valuable perspective on risk limitation.
This point is made by Salo Fajer, CTO of Digital Guardian: “What a CSO/CISO can bring to the table is much more than just a specialty in technology, an acute awareness of the possibility of attacks and knowledge of the threat landscape. It's about having a broad and deep perspective on risk, and how to enable the business while minimizing that risk.”
Yet, while much of a CISO’s role revolves around identifying and assessing risk, the difficulty lies in ensuring that this is done in a way that makes good business sense and leads to positive change. A successful CISO is one who is able to communicate effectively. This means taking highly technical vocabulary and transforming it into more accessible information, so that its value to the business is undeniable.
Why does my business need a CISO?
For some, CISOs are yet another C-suite executive role amidst countless others. Some question whether there is a need for a CISO in a business which already employs a CIO and a CTO. However, this is a risky opinion to hold. If your business is serious about data security, privacy and its reputation, then your answer needs to be a resounding ‘yes’.
Different businesses will approach the role in different ways. One may choose to have the CISO reporting to the CIO or CTO, while another may opt for a standalone CISO role reporting to the CEO. Both have their merits, but the more independent the CISO, the more objective his or her input and approach will be.
Either way, a business should focus on ensuring a CISO has the specialist knowledge needed to incorporate security best practices into existing IT operations with minimal disruption.
CISOs are rising in prominence because security is no longer simply something that sits within IT’s remit. The ongoing influx of technology into the workplace means we should all be dealing with security in a more proactive way.