According to the Deloitte CISO Transition Lab, a chief information security officer (CISO) has four faces — the strategist, the advisor, the guardian of business assets, and the technologist.
The findings suggest that on average, CISOs spend 77 percent of their time as “technologists” and “guardians” on technical aspects of their positions, and that they would like to reduce this investment to 35 percent.
“This demonstrates a recognizable shift in their desire to place greater emphasis on the ‘strategist’ and ‘advisor’ functions.”
Faced with escalating cyber threats and increasingly complex regulatory mandates, CISOs are experiencing growing pressure to protect critical information and infrastructure assets, while also embracing strategic business initiatives to integrate a comprehensive enterprise approach to cybersecurity. To address this problem, Deloitte developed the CISO Transition Lab to help accelerate a CISO’s performance.
“As organizations realise that cyber risk is intimately linked to their innovation and growth strategies, expectations of CISOs are changing dramatically,” said Ed Powers, principal, Deloitte & Touche LLP. “An effective CISO can no longer rely on his or her technical expertise alone. They must understand how strategic initiatives create risks and develop security programs that balance the need to drive business performance with the growing realities and complexities of protecting customers, intellectual property, and brand.”
“One of the early expectations of a new CISO is that somehow you are going to step back and see the forest through the trees and be able to tell what you are going to do to make this security program take off. That is where the results of the Transition Lab came into play,” added Powers.
The CISO Transition Lab is a one-day workshop that allows a newly appointed or incumbent CISO to step out of their daily work to take a fresh look at their function. Each one is customised for just one individual.
“A successful CISO determines early how to balance priorities and challenges. It’s in the CISO Transition Lab that the four faces framework is introduced and enables the enterprise security function to find and define their balance across four primary roles.”
Source: First Post