Over the past 18 months, there has been a bit of a sea change in the chief information security officer (CISO) role. Fundamentally, the CISO is the individual who is responsible for the protection of an entity’s information.
The US Securities and Exchange Commission (SEC) has issued a proposed rule change on cybersecurity risk management, strategy, governance, and incident response disclosure by public companies that requires publicly traded companies to provide evidence of the board’s oversight of cybersecurity risk. Couple this with the former CSO of Uber being found guilty on charges of “obstruction of the proceedings of the Federal Trade Commission” and it is clear the hand at the helm must be able to navigate all types of seas in their entity’s political milieu. In this regard, the CISO needs to acquire political capital.