Who should have the ultimate responsibility for cyber security - the CIO or the CISO?

Strategy & ArchitectureTeam & Organizational Design
23.4k views3 Upvotes18 Comments
Chief Security Officer in Software, 10,001+ employees
CISO
2 7 Replies
CIO in Software, 501 - 1,000 employees

CISO unless the CIO has a very strong background in Cyber Security

CTO in Software, 11 - 50 employees

CISO

Chief Information Officer in Services (non-Government), 51 - 200 employees

The CISO with a direct line to CEO or BoD would be ideal.

CTO in Software, 11 - 50 employees
The entire company, including the Board
6 1 Reply
CIO and Startup Advisor in Software, 10,001+ employees

This is by far the best answer here...

1
Chief Security Officer in Software, 10,001+ employees
I’ll add to my original comment. If a company is mature enough then I still think the CISO, but in a lot of cases, depending on who has the most business/technology responsibility, it is usually the CTO or CIO. At my last 2 companies it has been the CTO.
CTO in Software, 11 - 50 employees
I don't understand the context around a company being mature enough, or not, for security to be a first-class citizen. That will never be solved by reporting structure, and security, as I at least previously implicitly said, needs to be embedded into the entire DNA of a company. Compliance != Security
2
Chief Security Officer in Software, 10,001+ employees
Completely agree Mike and I think that is what all security pros strive for, but that isn’t always the reality. However, some organizations just haven’t figured out the priority of security.
1
CISO in Retail, 1,001 - 5,000 employees
I also completely agree with Mike. No single position can consume ultimate responsibility for Cybersecurity. This is a risk that needs everyone and departments in the organisation collectively to prevent, mitigate, address and respond to. So the management board is ultimately responsible.
1
Group Chief Information Officer in Construction, 5,001 - 10,000 employees
Every single employee, all executives and board members
2
CEO in Services (non-Government), 201 - 500 employees
CISO
CIO in Education, 1,001 - 5,000 employees
CIO
VP of IT in Media, 201 - 500 employees
CIO of course…

Content you might like

Which components of the Oracle Database environment do you plan to move to the cloud? (Select all that apply)

CloudApplications & PlatformsData & Analytics+7 more

Production45%

Backup65%

Replication33%

Non-production DBs (Dev, Training, QA, etc.)30%


216 PARTICIPANTS
1.5k views1 Upvote

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & LeadershipStrategy & ArchitectureCloud+57 more
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
142 19 Replies
Read More Comments
46.6k views133 Upvotes324 Comments

How important are pilot projects in implementing an industry 4.0 strategy?

Strategy & ArchitectureInnovation

Very important.31%

Important.60%

Not necessary.5%

Not important at all.1%


880 PARTICIPANTS
3.2k views

What are some ideas to keep up team morale remotely? Are there specific or structured adjustments you've made to counteract burnout/keep up productivity and mental health?

People & LeadershipProcess ManagementTeam & Organizational Design+9 more
Community User in Software, 11 - 50 employees

organized a virtual escape room via https://www.puzzlebreak.us/ - even though his team lost it was a fun subtitue for just a "virtual happy hour"
10
Read More Comments
13.4k views27 Upvotes67 Comments

How do you see the current landscape for finding jobs that don't demand extensive prior experience, and how might this trend evolve?

Talent Sourcing & HiringTeam & Organizational DesignProcess Management+1 more
Global Chief Cybersecurity Strategist & CISO in Healthcare and Biotech, Self-employed
There are a lot of intern positions posting and increasing.
1 Reply
Read More Comments
1.5k views2 Upvotes8 Comments