Why CISOs are not the sole authority on cyber security | Headspace


It may come as a surprise, but a chief information security officer (CISO) is not the sole authority on security within an organisation. While someone needs to be ultimately responsible for security, leading it by simply issuing instructions will only lead to a very one-sided view of an organisation’s risk profile and capabilities. Instead, given the rapidly evolving nature of cyber risks, the true strength of an organisation’s cyber security lies in the combined strength.

The importance of multiple views

Without doubt, the role of a CISO has changed significantly over the years. And this is not just because technologies have become more complex, which in turn means cyber criminals are also now more sophisticated than ever.

But the biggest change is the environment in which security and risk functions operate.

Recent cyber-attacks have garnered significant media and regulatory attention, which in turn means cyber security is getting more attention from boards, stakeholders and customers.

However, although concern is legitimate, complete aversion of cyber risks by burying one’s head in the sand, or purchasing a lot of expensive technology to be as ‘protected’ as…
