What can a CISO do if their authority is unequal to that of other C-suite execs (apart from the CEO)?

Security & GRCSecurity Strategy & Roadmap
1.4k viewscircle icon25 Comments
Sort by:
PMO – Engineering in Software3 years ago

Fr Chief Information Security Officer, s/he can establish and maintain the strategy and vision to ensure information and technology needs are adequately communicated and executed. 

Senior IT Manager in Government3 years ago

Make sure the rest of the c-suite is aware of and understands the risks of inadequately addressing security. Partner with other c-suite execs who do have the authority and understand the risks. 

IT Director and Software Producer in Software3 years ago

A CISO (vs. most other C-Suiters) should have the ability to truly understand the DR plan in all its permutations. Playing through as many contingencies as possible and getting hands-on with solutions sets this role apart in my opinion. 

This relates directly to Ben Rothke's comment ("Consider that CSO in that case = Chief Scapegoat Officer.") in that, yes (LOL), the CISO is going to be the one getting sprayed when "stuff hits the fan", so hopefully they've prepared for that outcome and have a hazmat suit ready to go.

Managing Director in Manufacturing3 years ago

They will need to build political capital that can enable them to protect the security and safety of the organizations data. While they do this they need to enable the role to become an equal member of the C-Suite too, otherwise the accountability and value of the role is unlikely to retain quality talent. 

CIO in Education3 years ago

Authority doesn't necessarily reflect on the ability to get things done. If you do your job well, then others at the C-level will recognize and respect that. That will bring the authority with it, whether it's only implied or actually given.

Content you might like

We implemented Oracle HCM recently including Redwood.  Defining the long term plan for support, we face challenges with our Oracle Security knowledge depth specifically (defining and maintaining roles/ SOD/ SOX etc). Is there anyone who has experience in setting this up after a successful Oracle HCM plus Redwood implementation and would like to share best practices with me?

For on premise environment, does your company run Kubernetes worker nodes on VM or BM(bare metal), and why?

Read More Comments

GitHub's Developer Rights Fellowship will provide legal support to developers whose source code runs afoul of the Digital Millennium Copyright Act (DMCA). How do you see this affecting open source code legislation?

It will encourage eased restrictions and more advocation on behalf of open source communities.29%

It will bring the wrong attention to DMCA practices and cause additional legal issues.52%

It will balance the scales on difficult to navigate DMCA legislation, but no changes in the foreseeable future.14%

I don't know4%

View Results

What requirements have you used to evaluate and select a SAAS SPM tool?

Do you have a system to apply patches in a repeatable way?

Yes37%

We're currently developing a system to apply patches.38%

No, but I expect that may change.16%

No, and I don’t expect that to change.7%

Other (please specify in the comments)

View Results