Is the CISO's main priority to "protect the business" or "enable the business"?
Also, "protect the business" and "enable the business" shouldn't be and aren't always mutually exclusive.
Senior leadership should consider and agree upon a balanced risk vs reward ratio as well as weigh carefully individual risk vs reward decisions for the organization where profit isn't always the 100% motive nor is protection. Look at the painful calculations and decisions businesses have had to make (stay open? reduce production/capacity? close completely?) during this pandemic.
All officers in the organization need to make judgements whether the risks are worth the rewards that they enable even though their individual viewpoints may differ.
I don't disagree with you. The CISO (Chief Information Security Officer) is hired to ensure that systems and data (including information assets) are protected (100%) from cyber attacks, viruses, unauthorized access, ransomware (the one that gets you fired almost immediately). He ensures that the senior executives (Chairman, CEO, Board Members) can have a good night's sleep. The CIO ensures the other IT pieces are in place (99.999 uptime) to support the business to carry out its functions to achieve the organization's strategic goals and objectives (making profits and increasing shareholder value). These are the two most important IT roles in the organization.
Agree, Clifton, but protection is changing at an aggressive pace, meaning we have to automate traditional approaches with which we protect to offer assurance. We may be saying the same thing.
However, the CISO role is in transition - enabling the business and helping keep the business focused, functioning, and moving forward. CISOs need to be able to talk about risk management and articulate the impact of risk to the organization in terms the business can understand. Going forward, CISOs must understand and speak the language of business enablement and balance technical competency to protect the business.