Should the business information security officer (BISO) report to the CIO or CISO?

Team & Organizational DesignSecurity Strategy & Roadmap

CIO19%

CISO56%

Both the CIO and CISO20%

Neither (share your alternative in the comments)2%

Unsure1%

193 PARTICIPANTS
1.7k viewscircle icon1 Upvotecircle icon1 Comment
Sort by:
CISO in Software2 years ago

I would love to hear why BISOs should report to the CIO.

Content you might like

How important is Product-Led Growth (PLG) to your organization's current Go-To-Market (GTM) strategy?

Extremely important19%

Very important49%

Moderately important15%

Neutral10%

Slightly important4%

Low importance1%

Not at all important

View Results

What are the challenges and best practices in implementing robust time-sensitive access controls and location-based risk assessments for secure remote work environments?

Read More Comments

What are the areas that your organization prioritizes for digital risk protection to help defend against cyber threats? (check all that apply.)

Attack Surface Management37%

Account Takeovers64%

Executive Protection48%

Hacktivism/Disinformation30%

Brand Abuse/Impersonations19%

Phishing Attacks30%

View Results

What sorts of challenges have you encountered in adapting your governance framework to address AI adoption across business units, and how are you attempting to resolve these?

Read More Comments

Most of the application team I lead is in Brazil and the global IT leadership (US-based) now wants to move some of that work to a new global delivery center in India to be more cost effective, but I have doubts. The Brazil team is delivering good quality — is cost efficiency enough reason to relocate the work? What are the biggest pros/cons we need to consider?

Should the business information security officer (BISO) report to the CIO or CISO? | Gartner Peer Community