The role of the Chief Information Officer
was first created in the 1980s; before that the responsibility of
information security belonged to the Chief Financial Officer. As technology and society changed over the
years so has the role of the CIO in organizations.
The traditional role of the CIO and CISO is described by Bill Brenner
, the senior editor at CIO magazine as “over-glorified
IT security administrators, babysitting the firewalls, arguing with software
vendors over botched antivirus signature updates and cleaning spyware off of
Since then the CIO has taken on a more
prominent role and become a central position in business operation. Expected to
be knowledgeable about business and up to date with technology, this makes the
modern day CIO a kind of Superman. This
explains CIOinsight writer Allan Alter’s discovery
that the majority of CIOs
have a mixed background in technology and business.
Paul McDougall, a writer for Information
Week, discusses how the rise of the Internet economy has created a need for
CIOs to play a central role in organizations. The Internet economy has made IT
departments more central with the added pressure to deliver more results with
fewer resources. In a blog entry on Information Week, Cisco chief technologyofficer Padmasree Warrior
explains the new expectations for the IT department:
“CEOs now expect IT to provide profitable growth and
business agility. The role of the CIO is changing.”
This significant shift in thinking is also
being faced with the emerging challenges of mobile integration and cloud
computing placing pressure on the CIOs to integrate more mobility into the
daily operations of the business environment.
With all of these new challenges and
demands it is necessary for the CISOs role to change from reactively responding
to security threats towards a more intelligent and holistic risk management
A study conducted by the IBM Center for
Applied Insights called Finding a strategic voice: Insights from the 2012
IBM Chief Information Security Officer Assessment, found that security professionals are under intense
pressure to protect the firm’s most valuable assets; money, customer data, and
intellectual property. IBM created a list of mature security practices of
influencers in a variety of organizations.
- Security is
seen as a business (versus technology) imperative.
- The use of data-driven
decision making and measurement
budgetary responsibilities with the C-Suite
The role of the CISO in organizations will
continue to change over the next few years.
It’s apparent that the CIO and CISO have a crucial role that needs to be
recognized and given proper authority to put into place their in depth security
plans. This will help avoid incidents such as the recent breach at the South
Carolina Department of Revenue. We’ll follow this discussion up in our
subsequent blog. Do you agree that while a good start there is room for improvement?
By Sarah Raphael