CISOs, it’s time to bury the hatchet with your CIO
Historically, the head of security (CISO) reporting into the head of IT (CIO) has made a lot of sense.
Both departments are – at their core – technical disciplines, and as such there is a need for the two to be in regular contact. They need to overlap on network infrastructure, information security, and IT compliance, not to mention overseeing the release of safe, bug-free code and the delivery of secure products.
Yet this relationship is often lambasted by those working in the InfoSec community. Some describe it as ‘adversarial’ – with two very different people trying to achieve different objectives.
CIOs will look to bring new business applications online, to maintain service-level agreements, and to ensure that IT services are available for all users. Indeed, a CIO’s bonuses are often tied to KPIs around these very principles.