The after effects of Hurricane SolarWinds

Whitehouse Executive Action imminent….. I grabbed one item out of the release, it is one that I have been waiting for and I am sure most other #ciso also. It is time that businesses #leadership understand that the CISO can no longer report to the CIO for the same reasons that #Risk and #internalauditing are separate units. The CISO needs that independence to execute their function

“Since the position of the CISO was created, most report to the chief information officers within organizations. However, the CISO-to-CIO reporting structure represents a potential governance crisis,” Kellermann says. “The defensive mindset of the CISO often conflicts with the uptime, availability and content-driven goals of CIOs. Another concern relating to this structure is that cybersecurity measures may come second.”