Prometheus Blogs

Who Should The CISO Report To?


It’s been suggested that Chief Information Security Officers (CISOs) must report to the agency head to be effective, instead of reporting to the Chief Information Officer (CIO).

One of the reasons given is that:

“Such an organizational construct reduces cybersecurity to a mere IT security problem, ignoring the growing importance of cybersecurity’s reach across all of the personnel, physical and cultural strata of an agency’s makeup, not to mention its grander organizational privacy, risk management and compliance obligations. Congress seems to believe that the often politically appointed CIO with myriad budget-cutting and help desk headaches is the appropriate senior official under whom to subordinate the critically important and growingly complex cybersecurity portfolio.”

The agency head is actually more likely to be a political appointee than the CIO, and the agency head has even more concerns than the CIO, so cybersecurity is likely to get less attention from the head than from the CIO.

Furthermore, the crosscutting nature of security remains if the CISO reports to the agency head. The CISO would still need to coordinate with the people responsible for “the personnel, physical and cultural strata”, unless, of course, all those people are made to report to the CISO – creating even more of a distraction from security.
