This article can also be found in the Premium Editorial Download "Information Security magazine: CISO survival guide: 18 of the best security tips."
With all the evolving regulatory requirements, it also helps if security officers have some legal know-how, says Michael Rasmussen, a vice president at Forrester. They can't necessarily rely on corporate counsel to keep up with the IT impacts of various regulations.
"The CISO definitely needs legal skills today as compliance has been one of the No. 1 drivers of security in the last couple years," he says.
Burton's Fredriksen says industry organizations such as BITS, a consortium of financial-services C-level executives, can help security professionals keep up with emerging legislation and regulatory issues. Proactive security officers get involved and participate in the public processes related to proposed legislation and are ready to offer their organizations thoughtful advice on new issues, he adds.
Others agree that it's important for security officers to be active not just inside their organization but outside as well: "Whether you're affecting legislation that could impact your corporation or whether it's just being an advocate for education in information security in the academic world," says Northrop Grumman's McKnight.
Maintaining strong peer relationships also can help a CISO succeed, he says. For example, he can call peers at other companies to learn how they handled a particular issue.
More and more, the CISO is transitioning from a security-focused role to a holistic risk management role, McKnight says. "There are trade-offs, certain
Forrester's Kark predicts that the CISO job of the future will be more about information assurance than information protection.
This was first published in July 2007