The evolution of the CIO and CISO


The role of the Chief Information Officer
was first created in the 1980s; before that, the responsibility for
information security belonged to the Chief Financial Officer. As technology and society have changed over the
years, so has the role of the CIO in organizations.
The traditional role of the CIO and CISO is described by Bill Brenner, the senior editor at CIO magazine, as “over-glorified
IT security administrators, babysitting the firewalls, arguing with software
vendors over botched antivirus signature updates and cleaning spyware off of
infected laptops.”
Since then, the CIO has taken on a more
prominent role and become a central position in business operations. The
modern-day CIO is expected to be knowledgeable about business and up to date
with technology, which makes the CIO a kind of Superman. This
explains CIOinsight writer Allan Alter’s discovery that the majority of CIOs
have a mixed background in technology and business.
Paul McDougall, a writer for Information
Week, discusses how the rise of the Internet economy has created a need for
CIOs to play a central role in organizations. The Internet economy has made IT
departments more central with the added pressure to deliver more results with
fewer resources. In a blog entry on Information Week, Cisco chief technology officer Padmasree Warrior explains the new expectations for the IT department:
“CEOs now expect IT to provide profitable growth and
business agility. The role of the CIO is changing.”
This significant shift in thinking coincides
with the emerging challenges of mobile integration and cloud
computing, which place pressure on CIOs to integrate more mobility into the
daily operations of the business environment.
With all of these new challenges and
demands, it is necessary for the CISO’s role to change from reactively responding
to security threats towards a more intelligent and holistic risk management
style.
A study conducted by the IBM Center for
Applied Insights, called Finding a strategic voice: Insights from the 2012
IBM Chief Information Security Officer Assessment,
found that security professionals are under intense
pressure to protect the firm’s most valuable assets: money, customer data, and
intellectual property. IBM created a list of mature security practices of
influencers in a variety of organizations.
  1. Security is seen as a business (versus technology) imperative.
  2. The use of data-driven decision making and measurement
  3. Sharing budgetary responsibilities with the C-Suite

“This data painted a profile of a new
class of CISO leaders who are developing a strategic voice, and paving the way to a more proactive and integrated stance on information security,” said
David Jarvis, author of the report and senior consultant at the IBM Center for
Applied Insights. “The path of the CISO is now maturing in a similar
pattern to the CFO from the 1970s, the CIO from the 1980s – from a technical
one to a strategic business enabler. This demonstrates how integral IT security
has become to organizations.” [v]
The role of the CISO in organizations will
continue to change over the next few years.
It’s apparent that the CIO and CISO have a crucial role that needs to be
recognized and given proper authority to put into place their in-depth security
plans. This will help avoid incidents such as the recent breach at the South
Carolina Department of Revenue. We’ll follow this discussion up in our
subsequent blog. Do you agree that, while this is a good start, there is room for improvement?
By Sarah Raphael 
