CISO Blog

The after effects of Hurricane SolarWinds

White House Executive Action imminent... I grabbed one item out of the release; it is one that I have been waiting for, and I am sure most other #ciso have also. It is time that business #leadership understand that the CISO can no longer report to the CIO, for the same reasons that #Risk and #internalauditing are separate units. The CISO needs that independence to execute their function.

https://www.databreachtoday.com/white-house-preparing-executive-action-after-solarwinds-attack-a-16024?rf=2021-02-19_ENEWS_SUB_DBT__Slot1_ART16024&mkt_tok=eyJpIjoiWVdZM09EWTNOR1F5TnpSbSIsInQiOiJDcUVRUCtLMzZJR1ZQMytINXlxK3duYWgzTEZlNkEwRnRXd1czbFpEOTdJNWxnQVR6VVU0Tnh4SkxKTjB5aE5NVTZzdG1TcVNuaG5oNFdSRHlQZUxUXC9IZkpvenE0UU1LaVRtSnVKalVtenR4eHlnOEF4ZzYrXC9heG1sZGNNRE95aXJcLzdWZjVcL3lwV3dzcnR0REVJaG1RPT0ifQ%3D%3D

“Since the position of the CISO was created, most report to the chief information officers within organizations. However, the CISO-to-CIO reporting structure represents a potential governance crisis,” Kellermann says. “The defensive mindset of the CISO often conflicts with the uptime, availability and content-driven goals of CIOs. Another concern relating to this structure is that cybersecurity measures may come second.”
