Way beyond the justification of ad-hoc investments and pet-projects for the CISO, metrics have to be at the heart of the sound security practice, but they must be focused on tracking progress in time in support of a long-term transformative vision.
The CISO role has never been more important. The firms that fail at appointing a new CISO are those which rush and push an inexperienced techie in a poorly defined role. Positioning the role accurately in relation to the firm’s objectives around security, thinking it as a senior leadership role, and taking the time to find the right leader are the keys to long-term success.
Over the past several years, experts and policymakers have expressed increasing concerns about protecting ICT systems from cyber attacks — a deliberate attempt by unauthorized persons to access ICT systems, usually with the goal of theft, disruption, damage, or other unlawful actions....
With regards to many other C-level roles, the Chief Information Security Officer (CISO) position is a fairly recent creation for many organisations. Although it started to emerge over 15 years ago, it has been spurred further recently by growing concerns over cybersecurity and highly publicized data breaches. Figuring out its right place within organisations is still quite a hot debate between management and security experts