The CISO’s role is never static. Over the last two decades, it has evolved beyond technical IT security. CISOs are now central to their organization when it comes to risk, compliance and governance. And this comes at a time when businesses are undergoing rapid change in the face of an evolving threat landscape.

In the past, the CISO or head of IT security has been an inward-facing role, ensuring compliance and keeping data secure. That has changed, with cybersecurity teams now more business-oriented. Their remit includes supporting new ways of working – a trend that was underway even before the pandemic – secure software development, and helping the organization understand and manage risk.

New Roles of the CISO: Continuity Planning, Incident Response, and Recovery

Customers, service users, and citizens are less and less tolerant of outages, downtime, and data loss. Regulators and stakeholders need to know that the organization can protect sensitive data and deal promptly with a security issue.

All organizations need to plan for business disruption and breaches, both in terms of business continuity and recovery. The responsibilities of security and business continuity are moving closer together in many enterprises. Increasingly, this falls within the CISO’s role. Business continuity is no longer just an IT issue, and it is closely interwoven with security.

CISOs are responsible for information assurance and for making sure the business can recover data and systems. This goes beyond managing IT security tools such as firewalls or anti-virus. The CISO is a key partner in ensuring the business meets the needs for continuity, availability, and integrity alongside other key executives such as the CIO and the chief risk officer.

And with the increasing importance of supply chains – both upstream and downstream – CISOs find themselves working more with suppliers, customers, and other stakeholders.
