Who should have the ultimate responsibility for cyber security - the CIO or the CISO?



Chief Security Officer in Software, 10,001+ employees
CISO
CIO in Software, 501 - 1,000 employees

CISO unless the CIO has a very strong background in Cyber Security

CTO in Software, 11 - 50 employees

CISO

Chief Information Officer in Services (non-Government), 51 - 200 employees

The CISO with a direct line to CEO or BoD would be ideal.

CTO in Software, 11 - 50 employees
The entire company, including the Board
CIO and Startup Advisor in Software, 10,001+ employees

This is by far the best answer here...

Chief Security Officer in Software, 10,001+ employees
I’ll add to my original comment. If a company is mature enough then I still think the CISO, but in a lot of cases, depending on who has the most business/technology responsibility, it is usually the CTO or CIO. At my last 2 companies it has been the CTO.
CTO in Software, 11 - 50 employees
I don't understand the context around a company being mature enough, or not, for security to be a first-class citizen. That will never be solved by reporting structure, and security, as I at least previously implicitly said, needs to be embedded into the entire DNA of a company. Compliance != Security
Chief Security Officer in Software, 10,001+ employees
Completely agree, Mike, and I think that is what all security pros strive for, but that isn’t always the reality. However, some organizations just haven’t figured out the priority of security.
CISO in Retail, 1,001 - 5,000 employees
I also completely agree with Mike. No single position can consume ultimate responsibility for Cybersecurity. This is a risk that needs everyone and departments in the organisation collectively to prevent, mitigate, address and respond to. So the management board is ultimately responsible.
Group Chief Information Officer in Construction, 5,001 - 10,000 employees
Every single employee, all executives and board members
CEO in Services (non-Government), 201 - 500 employees
CISO
CIO in Education, 1,001 - 5,000 employees
CIO
VP of IT in Media, 201 - 500 employees
CIO of course…
