Access your Pro+ Content below.
Dedicated CISO job still open to debate
Almost 20 years after Citicorp decided to hire an executive-level security position dedicated to protecting its banking business, the responsibilities of the CISO job are still unclear to many business executives and open to discussion. Why do some companies still need convincing?
As threats and infrastructure evolve at a fast pace, chief information security officers have to remain proactive in the face of ongoing digitization and globalization. In this issue of Information Security magazine, we look at the role's elevation and influence on broader security and risk management initiatives. Most importantly, we highlight accomplishments of dedicated chief security officers from different industries -- entertainment, financial services, healthcare, retail and technology -- and get their views on challenges in the CISO job and changes ahead.
"The CISO has evolved from a technical security role to that of a corporate executive with a risk management focus," says Tim Callahan, senior vice president of global security and CISO at Aflac.
Strategic security is an increasing responsibility of the CISO job. A growing number of security officers have implemented a threat intelligence capability to help steer the technical aspects of their security program. We talk to CISOs and other security experts about some lessons they've learned -- sometimes the hard way -- as they lead these efforts. The CISO job is tough, but those who are up to the challenge find great rewards.
Access this PRO+ Content for Free!
Features in this issue
Many organizations are making the CISO a peer to the CIO or taking the position out of IT altogether, says Howitt, who has held several technology and leadership positions.
With today's cyberthreats, the CISO has to know more about intelligence, working with government and private industry, and how to tailor the security program to further the business.
Cyberthreat intelligence is just data if it is not actionable. We offer tips to help your team focus on relevant CTI for faster threat detection and response.
Columns in this issue
The executive-level security position is always up for debate. Is it a technical role, or is it moving out of the IT department to influence broader security and risk management initiatives?
Anahi Santiago of Christiana Care Health System has spent much of her career in healthcare information security. "We are under attack," she says.
CISOs ensure that cloud services comply with IT security and risk management policies. But who has executive oversight of cloud-based technology and data?