Evolving Role of a CISO

by Sonal Desai    May 06, 2009

As CEOs are increasingly asking CIOs to participate in business decisions and strategy planning, it is the chief information security officers (CISOs), along with the chief technology officers (CTOs), who have taken charge of the enterprise security.
 
In India, the definition of a CISO is no different. According to Girish Trivedi, deputy director, South Asia Middle East (IC T Practice), at Frost &  Sullivan, the CISO has to help manage information security within the CIO organization. "However, with the changing scenario, enterprises are adopting more and more technology for day-to-day affairs. Hence the need for reliable Internet connections, and the entry to an enterprise connection has gone beyond just desktops. More people now have access to data. Also compliance, governance and regulations are driving the need to keep your information secure. This is where a CISO plays an important role."
 
Although BFSI has been the early vertical to realize the need for a CISO, the IT/ITES and the manufacturing sectors are also waking up to this reality. Also the shift in manner from traditional to digital is encouraging enterprises to hire CISOs.  Customer data is of utmost importance in the IT/ITES segment, whereas in ERP, R&D in manufacturing some more trends are driving the need for a CISO. The increasing focus on a CISO was also determined by the CXOs recently surveyed by CXOtoday for its information security survey. While many large enterprises said they are weighing whether or not to hire a CISO, many among those said that a CISO will certainly be a welcome relief to prevent security breaches in their enterprises.
 
A CISO can also be an enabler to the CIO who has to convince management regards IT budgets. And while the CIO drives the entire strategy, the CISO can plug loopholes. And as the CIO increasingly and actively starts participating in board decisions, the CISO, who at present is a shadow of the CIO, will start playing a more pro-active role.
 
"CISOs will take ownership of information, and their role will go beyond the firewalls and antiviruses. We see them maturing over the next 18-24 months. In some organizations, the process has begun. But that is just the start," said Trivedi.

 

Related Links
25% CXOs Admit to System Compromise
"IT helps us innovate and improve"