Exploring the Shift from Information Security to Digital Competitiveness
Information is the lifeblood of almost all businesses today. At the same time, not a week goes by without news of another big hack or security breach. The pressure on the security function is immense, and security professionals need a fine balance of skills to bring together risk, compliance, operations and technology in any large organization. Sadly, they rarely find time to grow their relationships and standing in the corporation.
The role of CISO is difficult yet crucial. Not all organizations appoint an executive CISO; many have a security director report into the CIO or else into risk and compliance functions. A dedicated CISO role is crucial, both politically and culturally, for it sends a strong message about the priorities and commitments of the business.
Traditionally, the CISO is preoccupied with guarding data, but the scope of the work can expand to overseeing and cultivating the many factors that actually make information assets valuable: their quality, pedigree, completeness and utility, to name just a few. Constellation has researched trends in security management and discovered that CISOs, thanks to their training and skill set, are ideally positioned to make a special contribution to the competitiveness of their organizations. It’s a frequent refrain that CISOs need to make security an “enabler”, but until now, this has been easier said than done. CISOs have struggled to progress from a typically defensive position; CIOs have typically separated their strategic visions from the more tactical and reactive security imperatives. But now the CIO and CISO can both use the discipline of security to add far more value.
In this report, Constellation shows how the security professional’s toolkit can evolve to help the vital information assets of the business. Security methods can be transformed and joined to the core concerns of the whole executive. The roles of CIO and CISO are ready to be cemented into the C-suite of most modern organizations.
This report provides key concepts and frameworks for broadening the focus of information security activities to include the utilization of the organization's information to make a stronger, strategic contribution to the enterprise’s competitiveness. The roles of both Chief Information Officer (CIO) and Chief Information Security Officer (CISO) are growing rapidly in importance in the C-suite. Clients should use this document as a source for enhancing these roles and defining the requirements and agendas of those positions.