Lunsford also sees an immediate problem related to the CISO’s disconnect between responsibilities and authority.
“Human liability metrics force CISOs to be more deliberate and measured in their decision-making. We’ve heard from many CISOs that they’re deliberately documenting their decision making and that of senior leadership when it comes to making risk-based decisions,” said Lunsford. “Furthermore, that may sound perfectly fine, but it has the effect of reducing decision-making and adding administrative burden when it is done manually without technology that automatically records their work and decision-making.”
Negotiating protection
Finally, whether CEOs provide CISOs with protection may be a factor in the dynamics of the talent market. Veteran security leader Jim Routh, who has held CISO-level roles at Mass Mutual, CVS, Aetna, KPMG, American Express, and JP Morgan Chase, advises CISOs and potential CISOs on key contract security push .