Friday, March 6, 2020

Global Security Services

The CIO and CSO need to be peers.  IT and security need to have equal representation in the board room, making sure the executives have accurate information.  Typically the CIO will report to the COO and the CSO will report to CFO.  The COO and CFO directly report to the executive.  However an organization decides to structure it, the CIO and CSO must have a different reporting structure.

In order for the CIO and CSO’s to have an effective working relationship, they must have clear boundaries of responsibility.  Typically what works best is for the CSO to define the proper level of security, the CIO to implement the security and the auditor to validate that the security is being done correctly. 
security connection 
 The security that is defined by the CSO should be based off of metrics that are used as a reporting structure to the executives, so they can understand the proper level of risk to accept for the organization.  Metrics based security is key to success.  With metrics there are clear guidelines of what must be done and an easy way to measure compliance.

Organizations in this day and age must have a CSO.  Every day that passes, with more breaches becoming public, it becomes easy to convince the executives that they need a CSO.  The problem is many CIO’s do not want to have a CSO, because it is easier for them to accomplish their jobs if they control all aspects of the IT infrastructure.  Therefore the CIO will not usually lobby for a CSO.  There needs to be another advocate convincing the CEO.  The simple question to sell the CEO is “are you comfortable with the level of security at your organization and are you receiving the proper security metrics to make the decisions?”  The problem today is many CEO’s want to create a position of a CSO, but the CIO convinces them they do not need one.  While they have good intentions, it is often the CIO that lobbies against a CSO, since a CSO will cause them to give up control and potentially make their job more difficult.  For example, when a CSO comes in they often disclose all of the security problems, which show that security was not being properly addressed within the organization.
at

1 comment:

Subscribe to: Post Comments (Atom)

controls engineer salary

  Those who have ambitions in the aeronautical or astronautical fields will need to shine a light on aerospace engineering. It's literal...

  • Wireless Network Applications
    Wireless Equipment Some of the access point equipment that normally comes with omni 2 Dbi antenna, often removable, in which links can ...
  • what are the roles and responsibilities
      Windows-based software tools can be used on a laptop. Using them involves recording aspects of wireless connectivity such as the connectio...
  • infrastructure support
      The different site survey tools available will have different displays and measures of success, but t The different site survey tools avai...