دانلود رایگان مقاله نقش در حال ظهور CISO

Abstract

Against a background of board-level concern for cybersecurity, organizations are seeking to ensure the protection oftheirinformation assets and minimize the risk of a cybersecurity attack. These objectives place two particular demands on organizations: to appoint a suitable official to head up their information security operations, a CISO; and to ensure that the executive and board are appropriately informed of the organization’s security status. In exploring the challenges that confront organizations in selecting a CISO, we drew on data from the U.S., Canada, and New Zealand. Two main issues were addressed. First, the organization has to be very clear on what it wants in terms of the job the CISO is expected to perform and the corresponding attributes that such an incumbent would need to possess. The CISO is a senior-level executive and rather than being a specialized technical expert, the CISO should be an excellent communicator. This will help address the second issue, which is how effectively the CISO can communicate with the board. Some suggestions are provided that serve to aid both effectiveness and efficiency. However, organizations need to embrace their concern about cybersecurity and build it into their selection criteria for board members.

7. Conclusion

In exploring the challenges that confront organizations in their selection of a suitable CISO, two main issues were addressed. First,the organization hasto be very clear on whatit wantsin terms ofthe job the CISO is expected to perform and the corresponding attributes such an incumbent would need to possess. The CISO is a senior-level executive and as such should be performing strategic-level tasks rather than daily operational ones. Furthermore, rather than being a specialized technical expert–— although we are not denying the importance of technical expertise–—the CISO should be an excellent communicator with business knowledge and interpersonal skills. This will help address the second issue, which is how the CISO can fashion communication with the board and the executive in a manner that is most effective and enables the organization to address its cybersecurity challenges. Some suggestions are provided thatserve to be both effective and efficient. However, organizations need to embrace their concern about cybersecurity and build it into their selection criteria for board members.