With all the evolving regulatory requirements, it also helps if security officers have some legal know-how, says Michael Rasmussen, a vice president at Forrester. They can't necessarily rely on corporate counsel to keep up with the IT impacts of various regulations.
"The CISO definitely needs legal skills today as compliance has been one of the No. 1 drivers of security in the last couple years," he says.
Burton's Fredriksen says industry organizations such as BITS, a consortium of financial-services C-level executives, can help security professionals keep up with emerging legislation and regulatory issues. Proactive security officers get involved and participate in the public processes related to proposed legislation and are ready to offer their organizations thoughtful advice on new issues, he adds.
Others agree that it's important for security officers to be active not just inside their organization but outside as well: "Whether you're affecting legislation that could impact your corporation or whether it's just being an advocate for education in information security in the academic world," says Northrop Grumman's McKnight.
Maintaining strong peer relationships also can help a CISO succeed, he says. For example, a CISO can call peers at other companies to learn how they handled a particular issue.
More and more, the CISO is transitioning from a security-focused role to a holistic risk management role, McKnight says. "There are trade-offs, certain levels of risk you're willing to take," he says. "Defining that risk for the company and the business owners is essential."
Forrester's Kark predicts that the CISO job of the future will be more about information assurance than information protection.