CISO reporting structure key to strong cybersecurity outcomes

<p>Who should the chief information security officer report to? It depends on whom you ask and on what the organization wants to accomplish by having a CISO in the first place.</p>
<p>That said, for the majority of organizations, it’s critical to have the CISO report to a business executive rather than a technology executive, and with as few levels as possible between the CISO and the CEO. Research shows that security outcomes — based on objective and concrete metrics — tend to be worse in organizations where the CISO reports to someone who neither is the CEO nor reports directly to the CEO.</p>
<section class="section main-article-chapter" data-menu-title="Common CISO reporting structures">
<h2 class="section-title"><i class="icon" data-icon="1"></i>Common CISO reporting structures</h2>
<p>CISOs typically report to either a business position, such as the CEO, COO or chief risk officer (<a href="https://www.techtarget.com/searchsecurity/definition/chief-risk-officer-CRO">CRO</a>), or a technology position — typically, the <a href="https://www.techtarget.com/searchcio/definition/CIO">CIO</a>.</p>
<p>The choice depends on how the organization views cybersecurity: as a <a href="https://www.techtarget.com/searchsecurity/feature/A-CISO-evolution-means-connecting-business-value-to-security">transformative business enabler</a>; as a business enabler focused on ensuring continuity and integrity in operations; as another facet of risk management; as a compliance checkbox; or as a safety precaution subordinate to delivering IT services.</p>
</section>
<section class="section main-article-chapter" data-menu-title="CISO to CEO: Cybersecurity as strategy enabler">
<h2 class="section-title"><i class="icon" data-icon="1"></i>CISO to CEO: Cybersecurity as strategy enabler</h2>
<p>Research shows that organizations where CISOs report directly to CEOs tend to see the best security outcomes.</p>
<h3>Pros of a CISO-to-CEO reporting structure</h3>
<ul class="default-list">
<li>Positions <a href="https://www.techtarget.com/searchsecurity/tip/The-CISO-evolution-From-security-gatekeeper-to-strategic-leader">cybersecurity as a strategically and operationally critical business priority</a> with top-level support.</li>
<li>Enables the

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from Search Security Resources and Information from TechTarget
