One of the most important attributes of a chief information security officer (CISO) is the ability to govern by influence rather than edict. This skill is especially important given that, according to an August 2017 Ponemon report, many organizations struggle with conflicts related to turf and silo issues — nearly half of CISOs still report to chief information officers (CIOs) — and the lines of responsibility for cybersecurity are not always clearly defined.
To resolve these problems, CISOs must explore ways to become influencers within their organizations. But this doesn’t mean the security leader should have absolute authority and total control over the security program. As many CISOs have realized, the cybersecurity function is much more likely today to have veto power over projects, especially IT projects, than ever before. However, veto power can be a double-edged sword that (if abused) can halt innovation and influence employees to turn to shadow IT. Continue reading at SecurityIntelligence.com