The CISO's New Best Friend & New Boss

Published: 22/11/2024   Category: security




What does the rise of the chief data officer and the digital risk officer mean for the chief information security officer?



CISOs, you've got a hard job. There are some new positions in the corporate org chart who are eager to take a piece of the infosec action to help you out. The question is, can you work with them, not against them, and ensure you keep your authority (and your paycheck)?
You go through this battle with the CIO already. So, what about the new Chief Data Officer and Digital Risk Officer? Are they friends or foes?
Chief Data Officer
Meet your new best friend.
You know those Social Security Numbers you'd like to encrypt, but you don't know all the places they're stored? And that pile of data you don't know how to classify (what's sensitive, what's useless, what needs to be saved, what can or must be deleted)? And those behavior analysis tools you bought to recognize when data is being accessed in an abnormal pattern...but you have no idea what the normal pattern is?
The chief data officer is going to help you with all of that.
The CDO's domain is the who, what, when, where, how, and even why of data, says Todd Feinman, CEO of data management firm Identity Finder. It's work that typically falls under the job description of the CIO, says Feinman, but it just doesn't get done.
The CDO usually reports to the CIO, but sometimes to the CEO with a dotted line to the CIO, says Feinman. Could the security department steal the CDO all for itself though? Feinman doesn't think so.
"The problem is, it's a data role, it's not a security role," he says. The CDO doesn't necessarily have to be just for security purposes.
So, you may have to share them with other departments, but the good news is we only see this as a friend [to the CISO], says Feinman.
So don't feel the need to give this person an intimidating, bone-crushing handshake when you're introduced. He or she could be on your side, solving your shadow IT problem, zipping through e-discovery requests, and making your access controls much more effective. Plus, when you do experience a breach, you'll be grateful to your CDO for trimming down your PII database before the bad guys got to it.
Digital Risk Officer
Meet your new boss. (Or, the new you.)
Plenty of companies have Chief Risk Officers, but as organizations do more business online, the nature of their risk exposure changes. Add the Internet of Things to the mix and things get really interesting. For these reasons, some organizations have begun to add Digital Risk Officers to their teams who focus just on the risks that relate to a company's digital operating model.
Gartner predicts that by 2017 one-third of large enterprises engaging in digital businesses will have a digital risk officer or equivalent.
As a recent PwC Technology Institute report describes:
Digital risk governance requires a new set of mandates that expand beyond the traditional scope of Chief Information Security Officer (CISO) and Chief Risk Officer (CRO). Digital operating models need to incorporate many corporate functions, including marketing, merchandising, technology, customer support, and finance.
As the Internet of Things (IoT) magnifies increased dependencies and overlaps within your organization, your company may consider investing in developing a Digital Risk Officer (DRO).
According to PwC, some web security issues will fall under the DRO's bailiwick, including social media usage policies and fraudulent payments at online shops.
They will also have to manage financial, regulatory, and operational risks related just to the digital side of the business. As Heather Levy wrote for Gartner, DROs will manage risk at an executive level across digital business units, working directly with peers in legal, privacy, compliance, digital marketing, digital sales and digital operations.
