The “Office of the CISO”: A New Structure for Cybersecurity Governance

4 years ago Tripwire Guest Authors

When it comes to cybersecurity governance and management, there is no “one size fits all” approach.

Today’s CISOs have a far wider range of responsibilities than their predecessors as heads of IT security.

The CISO role is no longer purely technical, focused on hardware and endpoint protection and on operations within the organisational perimeter. Today’s CISO is as likely to be involved with software security, cloud applications, security awareness, and user training.

Reporting lines are different, too. Although some CISOs still report to the CIO or even the IT director, they are as likely to have their own seat on the Board. This represents a wider shift in attitudes to information and cybersecurity. Cyber attacks pose an existential threat to organizations. A Board-level response is not just appropriate; it is essential.

The CISO’s Expanding Role

But updating cybersecurity governance should also go hand in hand with developments in the organization’s approach to risk. Cyber threats are no longer something that can be avoided. To a degree, they are a cost of doing business.

There is much commentary around the need for organizations to understand their attitudes to risk. Cyber risk is no exception. Some, if not all, of this responsibility will lie with the CISO. They need to analyze risks, put forward mitigation measures, and present the results to the board.

As well as monitoring new and changing threats, CISOs need to stay ahead of developments in technology.

These include cloud technology, artificial intelligence and machine learning, as well as the use of advanced analytics and sensors. Some of these developments are specific to security and are the key to providing a faster response to more damaging attacks. Others are being driven by the needs of the wider business to improve its agility, flexibility, and customer responsiveness.

Add to this the need to keep up with changing regulatory demands, firmer enforcement of compliance, new patterns of work, and a lower tolerance for downtime, and it is clear that a single CISO is no longer a workable solution.

A New Structure: An Office of the CISO

These growing responsibilities are prompting forward-thinking organizations to look again at how the CISO role is organized. In larger businesses, there is a strong case for appointing multiple CISOs in a way that covers business units, geographies, or specific areas such as operational technology or software development.

So, should organizations try out new models for the CISO role? It is increasingly clear that a one-size-fits-all approach will not work. And it is just as clear that a single CISO will struggle to run all aspects of cybersecurity and risk in an enterprise.

One idea that is gaining ground is the “office of the CISO,” or a multiple CISO structure. This might emerge around a “super CISO” with overall responsibility for security and risk, heading up individual CISOs or security leads for business units or geographies. Another version could see security leaders aligned by function, with a CISO for manufacturing, for the supply chain, and for the CTO’s office, as some examples.

Bringing security together in this way should also help the organization to adapt to other changes in risk and security. Physical and IT – or more appropriately data – security are already converging. And effective cybersecurity depends increasingly on well-trained and well-informed people. The CISO’s department is as likely to be involved in security awareness and education as it is with technical measures such as firewalls or threat detection.

Creating a chief security office or an office of the CISO integrates these disciplines and skills. It should make the security function more responsive and more adaptable but also more resilient. Workloads are spread across a team rather than resting with one individual, and a team approach allows a degree of specialization. The overall security lead will then report to the board.

And it also lays the groundwork for future development of the security role. In larger organizations such as the financial sector or government, it is already common to have 1,000 or more staff working in a security role. That will only grow, as the office of the CISO takes on responsibility for physical security, crisis management, and business continuity.

Whichever way it is organized, it is clear that the CISO’s position is now closer to the boardroom than the basement.

About the Author: Stephen Pritchard is a video journalist, broadcaster, and writer. He works as a freelance producer, presenter, and moderator, and he writes news, analysis, and feature articles for the international and UK press, trade media, and magazines. Stephen’s main beats include technology, telecoms, security, science, and management. He is a contributing editor and columnist for IT Pro and for Infosecurity Magazine. Stephen also writes for a number of newspapers including the Financial Times, The Guardian, and Sunday Times.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.


The post “The “Office of the CISO”: A New Structure for Cybersecurity Governance” appeared first on TripWire.

Source: TripWire – Tripwire Guest Authors
