Is the CISO's main priority to "protect the business" or "enable the business"?

858 views, 3 Upvotes, 7 Comments

Chief Information Officer in Healthcare and Biotech, 1,001 - 5,000 employees
I believe the role of the CISO is still evolving. In many instances, the CISO role was established to either manage regulatory and privacy requirements or to manage the information security function. In that early phase of the role, the CISO role mostly protected the business through technical competency.


However, the CISO role is in transition - enabling the business and helping keep the business focused, functioning, and moving forward. CISOs need to be able to talk about risk management and articulate the impact of risk to the organization in terms the business can understand. Going forward, CISOs must understand and speak the language of business enablement and balance technical competency to protect the business.
Assistant Director IT Auditor in Education, 10,001+ employees
Both, first priority is to ensure the business systems and data are well protected and second, the systems function as intended to meet the business objectives. The CIO will play more of a role in helping the business achieve their goals and objectives.
Principal Information Security Officer in Education, 10,001+ employees
For any office, part of 'protect' the business should be to make certain that the business can survive and thrive -- rather than thinking of 'protect' in a more narrow sense such as 'protect the information' of the business or 'protect the network and servers and workstations' of the business.  Senior leadership (and, indeed, the entire organization) should be in alignment and agreement with the organization's goals and objectives.

Also, "protect the business" and "enable the business" shouldn't be and aren't always mutually exclusive.

Senior leadership should consider and agree upon a balanced risk vs reward ratio as well as weigh carefully individual risk vs reward decisions for the organization where profit isn't always the 100% motive nor is protection.   Look at the painful calculations and decisions businesses have had to make (stay open?  reduce production/capacity?  close completely?) during this pandemic.

All officers in the organization need to make judgements whether the risks are worth the rewards that they enable even though their individual viewpoints may differ.
1 2 Replies
Assistant Director IT Auditor in Education, 10,001+ employees

I don't disagree with you. The CISO (Chief Information Security Officer) is hired to ensure that systems and data (including information assets) are protected (100%) from cyber attacks, viruses, unauthorized access, ransomware (the ones that get you fired almost immediately). He ensures that the senior executives (Chairman, CEO, Board Members) can have a good night's sleep. The CIO ensures the other IT pieces are in place (99.999 uptime) to support the business to carry out its functions to achieve the organization's strategic goals and objectives (making profits and increasing shareholders' value). These are the two most important IT roles in the organization.

VP, Chief Security & Compliance Officer in Software, 1,001 - 5,000 employees

Agree, Clifton, but protection is changing at an aggressive pace, meaning we have to automate traditional approaches with which we protect to offer assurance. We may be saying the same thing.

VP, Chief Security & Compliance Officer in Software, 1,001 - 5,000 employees
Security is the frictionless enabler as companies are having to move at the speed of digital transformation leveraging next gen capabilities is one and the same. I can't protect the business if it is not enabling it.
CIO - India in Retail, 1,001 - 5,000 employees
For me the main priority is protection. If he/she succeeds in doing that, then they are automatically enabling the business to go faster towards their objective.
