This article appeared in Cybersecurity Law & Strategy, an ALM publication for privacy and security professionals, Chief Information Security Officers, Chief Information Officers, Chief Technology Officers, Corporate Counsel, Internet and Tech Practitioners, In-House Counsel. Visit the website to learn more.
Roles and responsibilities aren’t always clearly defined at the executive level. There’s often overlap across certain key initiatives and teams, which can lead to blurred lines or confusion among stakeholders. This is particularly common across CIO and CISO roles.
Traditionally at most organizations, the CISO position was created and nested under the IT department’s umbrella, with the CISO reporting to the CIO. This started to shift in recent years, as the responsibilities of the CISO expanded in parallel with the increasing complexity of security risks and the cyber threat landscape. Information security professionals are now squarely accountable for protecting their organizations from costly data breaches — estimated to cost an average of $8.19 million per incident — and managing security staffing and resources that represent a $173 billion market.
originally appeared on Source link