Filling the CISO role: Is there any reason enterprises shouldn't?
This article is part of the Information Security magazine issue of May 2014 Vol. 16 / No. 4
Due to a string of high-profile data breaches -- and embarrassing incidents like the National Security Agency leaks committed by Edward Snowden -- more companies are debating the business necessity of having good security practices in place. While vendors emphasize the importance of new technology in mitigating security incidents, a number of organizations seem to be overlooking an obvious hole: the lack of a dedicated security pro in the CISO role. The role of chief information security officer has been around for nearly two decades, since Citigroup recruited industry veteran Stephen Katz to fill the position in 1995. Yet despite the increasing prominence of both the position and information security as a whole, some large organizations still forgo hiring a dedicated CISO. The fallout from the epic Target breach continues to rattle the security industry, and surprisingly -- or maybe not -- the Fortune 500 retailer lacked a dedicated CISO. The information security program at Target was split among several executives, who ...
Features in this issue
This Beyond the Page explores the evolution of two-factor authentication and a range of emerging FIDO-ready technologies.
Will open FIDO standards for better interoperability of next-generation authentication technologies actually work?
The patchwork of state laws has not slowed epic data breaches. Will we see federal data breach notification laws in 2015?
In the wake of the Target breach, many companies still don't have a dedicated CISO.
Columns in this issue
Can the technology industry solve cybersecurity and data protection issues without federal legislation?
Are critics of the penetration test wrong? Find out what breaking and entering your enterprise network can reveal about the state of your security.
APT gives new meaning to targeted attacks that often rely on low-tech tactics and flawed network security.