The 2013 Chief Information Security Officer Assessment report released earlier this week confirms something we have known for a long time, or should have: A successful CISO needs to assume the role of a business leader and understand how security enables the business’s primary objectives.
The report is based on in-depth interviews with more than forty senior information security leaders in an effort to better understand the changing dynamics CISOs and their equivalents are facing and determine general best practices and strategies.
“In this year’s Assessment those that we interviewed highlighted over and over the need for a strategic approach, good communications skills, building trust and approaching risk management comprehensively,” said IBM’s David Jarvis. “Those that can both speak the language of security technology and the language of the business have been most effective.”
The study suggests CISOs should work to make security efforts more visible across the entire organization and build strong relationships with business unit leaders in order to determine the most relevant security metrics more effectively.
“Establish a security strategy that is updated regularly, communicated widely, and developed in conjunction with other strategies in the organization (such as product development, risk and growth),” the report recommends. “Develop effective business relations and meet with the C-suite and Board on a frequent basis and develop an approach to manage their diverse concerns. Take those concerns into account when determining what to measure.”