Far from being opposed, the CIO and the CISO pursue different but complementary objectives. A partnership of their security expertise is key to protecting information systems effectively, and their joint voice is essential to convincing executive committees and employees.
1- Steering the global strategy in a consistent cyber-responsible approach
The nature of risks has fundamentally changed, and so have internal expectations. Networks are becoming increasingly open; employees are more mobile and hyper-connected and want to work quickly and efficiently; business units want to be more productive, reduce costs and remain competitive. At the same time, cyber-attacks are evolving, becoming more targeted and more harmful to organizations. Co-constructing a global strategy, vetted by the executive committee and taken on board by employees, is key to establishing a consistent cyber-responsible approach within the organization.
2- Defending budgets and projects in unison with the executive committee
Deploying this global strategy, proposed jointly by the CIO and the CISO, requires the executive committee to recognize the importance of the plan and then allocate the right resources to the right projects, those vital to the organization's economic development and to its security. This means both financial and human resources. According to Clusif's 2018 report, "less than half of CISOs (43%) believe they have an adequate budget. In addition, the lack of internal resources (57%) and recruitment difficulties (63%) hamper the daily implementation of effective security."
3- Deploying proven solutions and devices with the right level of security
For several years now, the role of the CISO has been evolving. It is no longer purely technical but is integrated into the early stages of projects, into system architectures, operations and business transformation. CIOs, for their part, are seen as conductors who implement new technologies aligned with business drivers. Their job is therefore to reconcile operational expectations with strong security constraints by proposing appropriate devices and solutions.
4- Qualifying partner ecosystems and methodological frameworks
CISOs are not alone in defining the rules and enforcing their organization's security policy. They are part of a wider security ecosystem that brings together internal resources, the CIO first and foremost, and external ones such as official bodies, standards, labels and networks dedicated to sharing best practices. To keep addressing employee needs, CIOs in turn need methodological frameworks for collecting requirements and for steering and monitoring projects.
5- Gaining agility while respecting security rules
Faced with new market rules and competition, organizations have no choice but to pull the levers of digitization and mobility to remain competitive. How to get there? There is nothing like a complementary CIO/CISO duo to cover the needs of the various departments while meeting security standards, and to turn this agility into a value proposition.
“As security partners, CIOs and CISOs need to move in the same direction and work closely together. According to Clusif’s 2018 report, 77% of large corporations with more than 1,000 employees have organized their security around this dual CIO/CISO expertise. This collaboration is necessary for a consistent information security policy, as indicated by the CISO of a large group in the retail industry.”