When it comes to cybersecurity governance and management, there is no “one size fits all” approach.

Today’s CISOs have a far wider range of responsibilities than their predecessors as heads of IT security.

The CISO role is no longer purely technical, focused on hardware and endpoint protection and on operations within the organizational perimeter. Today's CISO is as likely to be involved with software security, cloud applications, security awareness, and user training.

Reporting lines are different, too. Although some CISOs still report to the CIO or even the IT director, they are as likely to have their own seat on the Board. This represents a wider shift in attitudes to information and cybersecurity. Cyber attacks pose an existential threat to organizations. A Board-level response is not just appropriate; it is essential.

The CISO’s Expanding Role

But updating cybersecurity governance should also go hand in hand with developments in the organization’s approach to risk. Cyber threats are no longer something that can be avoided. To a degree, they are a cost of doing business.

There is much commentary around the need for organizations to understand their attitudes to risk. Cyber risk is no exception. Some, if not all, of this responsibility will lie with the CISO. They need to analyze risks, put forward mitigation measures, and present the results to the board.

As well as monitoring new and changing threats, CISOs need to stay ahead of developments in technology.

These include cloud technology, artificial intelligence and machine learning, as well as the use of advanced analytics and sensors. Some of these developments are specific to security and are the key to providing a faster response to more damaging attacks. Others are being driven by the needs of the wider business to improve its agility, flexibility, and customer responsiveness.

Add to this the