The New CISO: Rethinking the Role

Dating back to the 1990s, the role of CISO was more technical and IT-focused.
CISOs face more risks than can be resolved, are expected to balance security with operational capability, and must convince leaders to invest in protection.
Today, CISOs are also expected to defer to business needs while still being accountable for breaches.
At networking events, I'm seeing more and more CISOs with business backgrounds focusing less on the cyber aspects of the job and more on supporting business priorities.
In 2024, we need to rethink the role of the CISO yet again.
Today's CISO must help their organization understand that prioritizing risk reduction is key to the business's resilience in the face of modern threats.
Today's CISO: The Resilient Politician CISOs once were able to sell their importance based on the idea that, in cyber terms, the sky was falling.
CISOs' focus shifted from risk avoidance to risk posture and consideration of what level is acceptable in the pursuit of business goals.
With the proliferation of ransomware, CISOs must not only prevent, detect, and remediate security risks, but now must consider how resilient the systems are from cyberattacks that can put the company out of business.
The good news for CISOs is that many of these roles have been elevated to a genuine C-level position.
Considering the increasing pressure from the Securities and Exchange Commission and Department of Justice regarding CISO accountability in the wake of a cyberattack, this position is quickly becoming untenable.
The Next Stage for CISOs To be successful today, CISOs need to develop new skills while maintaining strong fundamentals.
How a CISO goes about this can vary, depending on whether board members' experience is in technology or business.
CISOs need to be comfortable developing a risk-based approach focusing on the importance of resiliency, because attackers will get in.
CISOs should build a deeply technical team that can focus on key security practices.
CISOs must not rely on assumptions about how to respond; running through and testing all response plans is vital.
In recent years, CISOs at major companies have been let go, called to testify in court, and, in some cases, charged with crimes.
A New CISO for a New Threat Landscape The enterprise IT landscape has changed significantly over the past 40 years, becoming increasingly dispersed, cloud-based, and central to conducting business.
With so much change, it's unrealistic that the CISO of today should operate in the same way as in decades past.
In this new environment, CISOs must redefine how they balance cyber-resilience and operational demands, interact with senior leaders and the board, and deliver team and technical leadership.


This Cyber News was published on www.darkreading.com. Publication date: Tue, 19 Mar 2024 14:05:15 +0000


Cyber News related to The New CISO: Rethinking the Role

CISO Conversations: Nick McKenzie and Chris Evans - In this edition of CISO Conversations, SecurityWeek discusses the role of the CISO with two CISOs from the major crowdsourced hacking organizations: Nick McKenzie at Bugcrowd and Chris Evans at HackerOne. The purpose, as always, is to help aspiring ...
1 year ago Packetstormsecurity.com
The Role of the CISO in Digital Transformation - Modern-day demands require organizations to be flexible and digitally savvy, getting work done remotely and in the public cloud as often as in a centralized physical location, if not more so. As companies continue to modernize their workflows and ...
1 year ago Darkreading.com
Appointments of New Chief Information Security Officers in the United States in January 2023 - Corporate security is undergoing a lot of changes as businesses attempt to keep up with the ever-changing threat landscape. To ensure the safety of both employees and customers, many companies are now hiring a Chief Security Officer or Chief ...
2 years ago Csoonline.com
The New CISO: Rethinking the Role - Dating back to the 1990s, the role of CISO was more technical and IT-focused. CISOs face more risks than can be resolved, are expected to balance security with operational capability, and must convince leaders to invest in protection. Today, CISOs ...
1 year ago Darkreading.com
Microsoft Is Getting a New 'Outsider' CISO - In a Tuesday blog post, Microsoft executive vice president of security Charlie Bell announced that as part of its new strategic focus on security, the company will shift Bret Arsenault out of his longtime role as CISO and into a chief security ...
1 year ago Darkreading.com
Microsoft Is Getting a New 'Outsider' CISO - In a blog post on Dec. 5, Microsoft executive vice president of security Charlie Bell announced that as part of its new strategic focus on security, the company will shift Bret Arsenault out of his longtime role as CISO and into a chief security ...
1 year ago Darkreading.com
Is the vCISO model right for your business? - It's getting harder to justify not having a CISO, so many businesses that have never had a CISO are filling the gap with a virtual CISO. A vCISO, sometimes referred to as a fractional CISO or CISO-as-a-Service, is typically a part-time outsourced ...
1 year ago Darkreading.com
How the Evolving Role of the CISO Impacts Cybersecurity Startups - It helps startups striving to meet the ever-evolving needs of CISOs, who are simultaneously seeking the elusive but paramount buy-in from business users and executives. The CISO role has evolved dramatically in the past few years in response to ...
1 year ago Darkreading.com
Definition from TechTarget - The CISO is a senior-level executive responsible for developing and implementing an information security program, which includes procedures and policies designed to protect enterprise communications, systems and assets from both internal and external ...
1 year ago Techtarget.com
Embracing the Virtual: The Rise and Role of vCISOs in Modern Businesses - In recent years, the task of safeguarding businesses against cyber threats and ensuring compliance with security standards has become increasingly challenging. Unlike larger corporations that typically employ Chief Information Security Officers for ...
1 year ago Cysecurity.news
Why CISOs and CIOs Should Work Together More Closely - Although there are overlaps in the goals and responsibilities of the CIO and the CISO, there are also challenges that get in the way of a more cohesive relationship, including reporting lines, organizational structures, budgets, and risk appetites. A ...
1 year ago Feedpress.me
Why Your CISO Should Report to the CEO, Not the CIO - In an era where cyber threats dominate boardroom discussions, the reporting structure of a Chief Information Security Officer (CISO) has profound implications for organizational resilience. Elevating the CISO to report directly to the CEO signals a ...
1 month ago Cybersecuritynews.com
The Shift in Power from CIO to CISO: The Rise in Cyber Attacks Enables Greater Resources and Budget Allocation - Often when we talk about the impact of these cyber threats, we inevitably focus on the wallet as well as how they can tarnish a business's reputation. As a result, we are witnessing the beginnings of a shift in power from the CIO to the Chief ...
1 year ago Cybersecurity-insiders.com
The Shift in Power from CIO to CISO: The Rise in Cyber Attacks Enables Greater Resources and Budget Allocation - Often when we talk about the impact of these cyber threats, we inevitably focus on the wallet as well as how they can tarnish a business's reputation. As a result, we are witnessing the beginnings of a shift in power from the CIO to the Chief ...
1 year ago Cybersecurity-insiders.com
The Shift in Power from CIO to CISO: The Rise in Cyber Attacks Enables Greater Resources and Budget Allocation - Often when we talk about the impact of these cyber threats, we inevitably focus on the wallet as well as how they can tarnish a business's reputation. As a result, we are witnessing the beginnings of a shift in power from the CIO to the Chief ...
1 year ago Cybersecurity-insiders.com
The Shift in Power from CIO to CISO: The Rise in Cyber Attacks Enables Greater Resources and Budget Allocation - Often when we talk about the impact of these cyber threats, we inevitably focus on the wallet as well as how they can tarnish a business's reputation. As a result, we are witnessing the beginnings of a shift in power from the CIO to the Chief ...
1 year ago Cybersecurity-insiders.com
The Shift in Power from CIO to CISO: The Rise in Cyber Attacks Enables Greater Resources and Budget Allocation - Often when we talk about the impact of these cyber threats, we inevitably focus on the wallet as well as how they can tarnish a business's reputation. As a result, we are witnessing the beginnings of a shift in power from the CIO to the Chief ...
1 year ago Cybersecurity-insiders.com
The Shift in Power from CIO to CISO: The Rise in Cyber Attacks Enables Greater Resources and Budget Allocation - Often when we talk about the impact of these cyber threats, we inevitably focus on the wallet as well as how they can tarnish a business's reputation. As a result, we are witnessing the beginnings of a shift in power from the CIO to the Chief ...
1 year ago Cybersecurity-insiders.com
The Shift in Power from CIO to CISO: The Rise in Cyber Attacks Enables Greater Resources and Budget Allocation - Often when we talk about the impact of these cyber threats, we inevitably focus on the wallet as well as how they can tarnish a business's reputation. As a result, we are witnessing the beginnings of a shift in power from the CIO to the Chief ...
1 year ago Cybersecurity-insiders.com
The Shift in Power from CIO to CISO: The Rise in Cyber Attacks Enables Greater Resources and Budget Allocation - Often when we talk about the impact of these cyber threats, we inevitably focus on the wallet as well as how they can tarnish a business's reputation. As a result, we are witnessing the beginnings of a shift in power from the CIO to the Chief ...
1 year ago Cybersecurity-insiders.com
The Shift in Power from CIO to CISO: The Rise in Cyber Attacks Enables Greater Resources and Budget Allocation - Often when we talk about the impact of these cyber threats, we inevitably focus on the wallet as well as how they can tarnish a business's reputation. As a result, we are witnessing the beginnings of a shift in power from the CIO to the Chief ...
1 year ago Cybersecurity-insiders.com
The Shift in Power from CIO to CISO: The Rise in Cyber Attacks Enables Greater Resources and Budget Allocation - Often when we talk about the impact of these cyber threats, we inevitably focus on the wallet as well as how they can tarnish a business's reputation. As a result, we are witnessing the beginnings of a shift in power from the CIO to the Chief ...
1 year ago Cybersecurity-insiders.com
The Shift in Power from CIO to CISO: The Rise in Cyber Attacks Enables Greater Resources and Budget Allocation - Often when we talk about the impact of these cyber threats, we inevitably focus on the wallet as well as how they can tarnish a business's reputation. As a result, we are witnessing the beginnings of a shift in power from the CIO to the Chief ...
1 year ago Cybersecurity-insiders.com
The Shift in Power from CIO to CISO: The Rise in Cyber Attacks Enables Greater Resources and Budget Allocation - Often when we talk about the impact of these cyber threats, we inevitably focus on the wallet as well as how they can tarnish a business's reputation. As a result, we are witnessing the beginnings of a shift in power from the CIO to the Chief ...
1 year ago Cybersecurity-insiders.com
The Shift in Power from CIO to CISO: The Rise in Cyber Attacks Enables Greater Resources and Budget Allocation - Often when we talk about the impact of these cyber threats, we inevitably focus on the wallet as well as how they can tarnish a business's reputation. As a result, we are witnessing the beginnings of a shift in power from the CIO to the Chief ...
1 year ago Cybersecurity-insiders.com