COMMENTARY: As chief executive officers (CEOs) and boards ask their chief information security officers (CISOs) to help them navigate regulatory and cyber risks with an eye toward business resilience and profitability, the cybersecurity world view in the C-suite has shifted dramatically.
The CISO evolution from a technical focus to a business focus has been under way for some time – and in the coming years a much more diverse group of candidates will fill this top cyber role.
[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]
These future CISOs must have risk management DNA running through their blood. They will need to keep cyber risk visible – and always do that in the context of broader enterprise risk. They’ll operate with the understanding that cyber represents just another vector by which risk manifest itself—just like any other financial or logistical or competitive risk that managed to maximize profitability and business health.
The real trick to getting to that enlightened state is in how well CISOs can measure and communicate risk status to the board. Today, it’s still…
