Category: CISO WaterCooler

Why are we still talking about the reporting line of the CISO?

Why are so many organisations and security professionals still worried about the reporting line of the CISO? This is one of the oldest and most consistent debates agitating the security industry, and it looks far from resolved. It has been polluted for decades by arbitrary and simplistic views on “separation of duties” and alleged “conflicts of interest”. But those views often come from sectors of the corporate spectrum with a fairly theoretical idea of how an organisation should operate, and rarely reflect the reality of how large organisations function.

Security

The First 100 Days of the New CISO

There is some form of management reality beyond the “100 days” journalistic cliché: How does an incoming executive make an impact in a new role? What are the real timeframes to look at, and what can be expected and over what horizon? What are the key issues that should raise a red flag during the first few months in a new senior position, and which can be ignored?

CISO

Information Security the next generation

The position of Chief Information Security Officer (CISO) has become well established in recent years, but where is it heading next? For many it is often perceived as an inward-directed role more accustomed to saying ‘no’ than anything else. But is this really fair and does it represent the...