Information Security News mailing list archives

The CISO shouldn't be the defender of security: Gartner


From: InfoSec News <alerts () infosecnews org>
Date: Tue, 20 Aug 2013 05:19:55 +0000 (UTC)

http://www.zdnet.com/the-ciso-shouldnt-be-the-defender-of-security-gartner-7000019539/

By Michael Lee
ZDNet News
August 19, 2013

Despite CISOs having the words "information security" in their title, their role should not be that of the company's defender against hackers and online attacks, according to Gartner vice president and security and risk management chief of research Paul Proctor.

Speaking at the Gartner Security and Risk Management Summit in Sydney on Monday, Proctor said that too often, the CISO is seen by a company's board as the one responsible for ensuring that the business is protected against attacks. However, he argued that when this happens, the board isolates itself from business risks with the excuse that they are IT problems.

"CISOs are their own worst enemy when they position themselves as the defenders of the organisation, because it lets the executives skate on accountability," he said.

As a result, Proctor said that CISOs find themselves arguing for more money from the board, and the board itself doesn't see information security as a risk-mitigating exercise, but rather as a continual payment for "perfect" security.

[...]


