http://www.zdnet.com/the-ciso-shouldnt-be-the-defender-of-security-gartner-7000019539/

By Michael Lee
ZDNet News
August 19, 2013

Despite CISOs having the words "information security" in their title,
their role should not be that of the company's defender against hackers
and online attacks, according to Gartner vice president and security and
risk management chief of research Paul Proctor.

Speaking at the Gartner Security and Risk Management Summit in Sydney on
Monday, Proctor said that too often, the CISO is seen by a company's board
as the one responsible for ensuring that the business is protected against
attacks. However, he argued that when this happens, the board isolates
itself from business risks with the excuse that they are IT problems.

"CISOs are their own worst enemy when they position themselves as the
defenders of the organisation, because it lets the executives skate on
accountability," he said.

As a result, Proctor said that CISOs find themselves arguing for more
money from the board, and the board itself doesn't see information
security as a risk-mitigating exercise, but rather as a continual payment
for "perfect" security.

[...]