That's unfortunate, as it shows that too often CISOs don't get a seat at the table, and when they report to CIOs there is a strong inherent conflict of interest between information security and IT projects.
Fortunately, the tide may be turning. As we reported in CSO magazine's annual State of the CSO survey, forty-six percent of the security decision-makers surveyed in the report believe that their own organizations have placed more value on risk management in the past year, while sixty-one percent expect company leaders to value risk management more in the year ahead. Survey results suggest that the larger the organization, the more value leadership places on risk management.
What's more, nearly three-quarters (seventy-four percent) of the security professionals we surveyed have seen an increase in the amount of time they spend advising senior executives and other top business decision-makers on security-related matters, and 79 percent expect their time spent in that area to increase during the next three years.
Now, with that attention, it's important that the opportunity isn't squandered and that this time is used to build credibility. "Security can help the business reach its goals, and part of building that credibility is not playing Chicken Little, and realizing that not everything can be a top priority. Businesses look at specific issues, determine their potential impact on the bottom line, and what needs to be done to manage the issue, and whether or not it is actually worth dealing with the issue," says Honan.
And that's where the real value and CSO leadership come into play: helping the business decide what areas need the most effort and risk reduction, and showing the way to get there.