He believes these dual-level roles can provide a more direct reporting line to the CEO or board, which is important for risk reporting. It gives the CISO greater independence to report to the board and helps them understand business risks because the CISO looks at all different parts of the organization. “It’s not just technology, it’s data, users, customers and threats. It’s thinking about how to make the business stronger, and the board and the CEO need that transparency and the ability to work collaboratively with the CISO,” Pasteris tells CSO.
Holding both roles also helps align the goal of driving business efficiency while keeping the organization secure, which can sometimes conflict. Additionally, CISOs understand what the business outcomes should be and where the business risks are. “We have the ability to bring all that together and it’s really useful for the organization. That’s why you see the CISO starting to rise to the role of COO,” Pasteris tells CSO.
One of the distinguishing features of the CISO role is that it is both a provider and consumer of security services, which puts it in a somewhat unique position to understand the engineering development pipeline, the marketing stack, what the sales team is using and so on, said Chad McDonald, COO at Radiant Logic.