What is the reporting line for Information Security in your organization?
Via the CIO/CTO65%
Via the CRO21%
Via the CFO5%
Our CISO reports directly to the CEO7%
827 PARTICIPANTS
Director of Information Security in Energy and Utilities, 5,001 - 10,000 employees
Would be interesting to see this trend over future years. Supposedly there's been a lot of talk over last few years that InfoSec should be reporting to someone other than CIO (to avoid conflict of interest issues) but reality is that that is still the most prevalent relationship and if it is changing then the pace of change is very slow. Curious if anyone has seen in their orgs this change?Director in Manufacturing, 1,001 - 5,000 employees
Ours was directly to CEO for years until a major breach and the CEO realized he wanted an extra layer of insulation from CISO and any blame. Now CISO and CIO report to CFO with a dotted line to CTO in Engineeringvp information technology in Consumer Goods, 51 - 200 employees
CISO is a risk manager and as such should report to COO, GC, CFO or CEO. What say you all?Strategic Banking IT advisor in Banking, 10,001+ employees
For years, Security has been part of IT. But since 3 or 4 years, the team is not directly under the CEO. Which makes sense since Security isn't only IT. It includes physical security (offices, buildings, employees), risks, cybersecurity, data protection, etc.Being under the CEO is also giving them a total independance over IT or LOB.
Content you might like
Production45%
Backup65%
Replication33%
Non-production DBs (Dev, Training, QA, etc.)30%
217 PARTICIPANTS
Very important.31%
Important.60%
Not necessary.5%
Not important at all.1%
881 PARTICIPANTS
Head of Information Security in Services (non-Government), 1,001 - 5,000 employees
Using relevant examples to help underscore the importance of adhering to policies is key because it helps your messaging resonate. The MOVEit breach has impacted hundreds of companies and millions of individuals, so using ...read moreCTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.