The cyber world is on alert following recent high-profile security breaches and hacking incidents. Inferior IT systems used in the automation of business processes and increased cyber trading have opened the floodgates for hackers.
Historically, the role of the chief information security officer (CISO) focused on all things IT. CISOs spent their time selecting, deploying and overseeing IT solutions. Some roles were even comparable to today’s IT security administrator jobs — guarding firewalls, negotiating with software vendors over antivirus solutions, scanning and clearing viruses from infected computer devices, and more. Many duties were completed to simply keep regulators at bay.
Today, the CISO is a part of a much bigger picture — in security and in business. What can a successful information security officer bring to the corporate table?
The new CISO is not just an IT steward, but also a business enabler. The role now requires a seat in the C-suite, sitting in boardrooms and taking part in IT decision-making with regard to systems availability and business performance. The CISO must understand business processes at all levels to be able to integrate the right machines and technology.
The Missing Link
In many organizations, IT and business still can’t see eye to eye. With IT security now a priority, the new role of the CISO links the executive hierarchy to the individual business units. This new role calls for a second link – the bottom link – where more proactive collaboration between IT analysts and business managers can happen in each department.
As an advocate for security, the new CISO also acts as a risk manager. The role now requires identifying vectors of vulnerability and weakness in the security system and providing immediate solutions to mitigate risks. The CISO and team enforce access logging to establish traceable audit trails, which make it easier to determine accountability. The CISO is likewise expected to explore opportunities to deliver enterprise IT systems and networks in a secure manner that is compliant with applicable regulations.
Influencer, Protector, Responder
These three new roles of the CISO were identified in a recent IBM survey. It revealed that organizations are looking at security with a holistic approach and are elevating the CISO to a more strategic position. Influencers are characterized as those who are confident and strategically prepared to influence business performance. Protectors are those with a strategic plan to prioritize security. And Responders are considered those who focus largely on protection and compliance.
Fundamental Skills and Competencies
Executives with a computer science or computer engineering background and experience in IT security at large enterprises are good candidates. Cybersecurity solutions product specialists and computer degree graduates with corporate IT experience can also fit into the role.
Deep technical background and experience are a must, but business acumen is another important consideration. CISOs must integrate IT into business to improve the performance of people, machines, processes, and the bottom line.