The CISO reporting structure is broken — FCW


How can a cybersecurity leader secure government assets against adversaries when they aren’t afforded the authority to act in their agency’s best interest?

This question is increasingly important in today’s environment. In a recent report by the Government Accountability Office, five out of 12 federal agencies said they faced “an increase in certain types of cyberattacks” when working remotely. The remote workforce is here to stay, and agencies will have to keep supporting it. To protect against the increasingly hostile threat landscape, it’s up to agency leaders to look for opportunities to gain operational security efficiencies and organizational improvement.

The CISO reporting structure varies slightly across agencies. Under the Federal Information Security Management Act (FISMA), information security functions, including cybersecurity, are the responsibility of the agency CIO. The CIO reports directly to the chief operating officer (COO) – or the equivalent – who reports to the agency head.

