Putting the ‘I’ in CISO: Why the Security Leader Must Become an Influencer

As an influencer, the CISO can play a key role in shaping the organization’s cybersecurity risk strategy. When the security leader’s influence reaches all the way into the boardroom, that influence can actually help save the organization money in the aftermath of a data breach.

One of the most important attributes of a chief information security officer (CISO) is the ability to govern by influence rather than edict. This skill is especially important given that, according to an August 2017 Ponemon report, many organizations struggle with conflicts related to turf and silo issues — nearly half of CISOs still report to chief information officers (CIOs) — and the lines of responsibility for cybersecurity are not always clearly defined.

To resolve these problems, CISOs must explore ways to become influencers within their organizations. But this doesn’t mean the security leader should have absolute authority and total control over the security program. As many CISOs have realized, the cybersecurity function is much more likely today to have veto power over projects, especially IT projects, than ever before. However, veto power can be a double-edged sword that (if abused) can halt innovation and influence employees to turn to shadow IT. Continue reading at SecurityIntelligence.com