If you were creating a security organization from scratch, would you put it under the umbrella of the IT organization or make it an independent department with a direct line of communication to the executive suite?
The issue of whether the traditional, hierarchical relationship between a company’s top technology officers, the CIO and CISO, is still valid was starkly brought into view this past March with the resignation of Target CIO Beth Jacobs in the wake of the retailer’s now infamous data breach. One of the many questions raised by the Target breach is who should ultimately be responsible for data security. Is it the CIO, who is typically tasked with broadly managing the entire IT infrastructure of an organization, or the CISO, whose job it is to protect the data and information contained within those systems?
In our next episode of Dark Reading Radio, we’ll discuss the evolution of the CISO and whether today’s organizational structures offer the best way to manage risk and defend against data breaches and attacks. Our guests are CIO Bob Quinn and CSO Rick Howard of Palo Alto Networks, and Steve Durbin, Managing Director of the Information Security Forum. Among the topics we’ll explore:
- Why should the CISO report to the CIO?
- What, if anything, has changed in the post-Target era to elevate data security from one of several cohorts of an enterprise IT structure to that of an independent domain totally responsible for risk management?
- Is there an inherent conflict between the needs of IT (running the infrastructure, gaining a competitive advantage) and the needs of security (perceived as a cost, not a benefit)?
- How should the CISO communicate and interact with the executive suite and board of directors? Does the chief security office deserve a seat at the table?
- What are the friction points between the CIO and CISO, and how can the two work together effectively?
I hope you'll join our show and offer your insights and opinions to the conversation. You can post your comments and questions below or bring them to the Dark Reading radio studio on Wednesday where you can participate directly through online chat. Please note, you’ll need to register for the broadcast to participate. I look forward to seeing you there.