[BreachExchange] Industry Calls for Standardization of CISO Role

Destry Winant destry at riskbasedsecurity.com
Fri Oct 18 10:02:40 EDT 2019


https://www.infosecurity-magazine.com/news/industry-calls-for-standardization/

Professionals from the cybersecurity industry have called for clarity
regarding the role of Chief Information Security Officers (CISOs).

Research from Cyber Security Connect UK (CSCUK), a forum for
cybersecurity professionals, has stated that CISOs are being pulled
into job requirements outside their jurisdiction and that there is a
lack of transparency about the responsibilities of cybersecurity teams
within UK businesses of all sizes.

The research also pointed to a lack of skilled, fully qualified
professionals coming into the profession.

Mark Walmsley, the chair of the CSCUK steering committee and CISO at
Freshfields Bruckhaus Deringer, said: “It is no longer a case of if a
cyber-attack will occur but more appropriately, when. In addition,
these attacks are increasingly becoming more complex and intelligent.
With this in mind, a company’s best defense against such events is a
dedicated person to lead the fight against cyber-attacks.”

Not only does this person need to be qualified, Walmsley added, they
must also be dedicated to the cause, have access to information and
budgets that allow them to carry out their job and be able to
constantly and consistently upskill to keep up with the fast-paced,
ever-changing nature of the cybersecurity landscape.

“While it is true that the varying size, financial situation and
purpose of a business may affect the role of the CISO or even the
requirement for such a person at all, where they are in operation,
clear parameters need to be set. Only with standardization and
guidance can the role be fully effective. As further digitization of
processes occurs and cyber-attacks become more sophisticated, this
need will become only greater,” Walmsley argued.

According to CSCUK, in order for standardization to be possible,
professionals believe a benchmarking process must be carried out to
fully understand the scale of variations within the role.

“In order to support CISOs so that they can carry out their roles
effectively, a better understanding of their current situation is
required,” Walmsley explained. “This includes comparing the role
within different organizations in terms of qualifications, access to
the boardroom and budgets, reporting lines and salaries.”
