The State of the "C" in CISO
"Whether the 'C' in CISO is truly appropriate or just hand waving at a problem depends on the level of authority the CISO has in an organization and his/her interaction with executives," said Pete Lindstrom, research director, Security Products. "Because breaches often come full of 'stick' with very little 'carrot,' there can also be a backlash against security professionals. Luckily, this hasn't happened, and it appears that organizations are finally giving security and the attention they deserve."Please Note:
Extended description available upon request.
- IDC Opinion
- In This Study
- Situation Overview
- What Is the CISO's Level of Authority?
- Have CISO's Been Invited to the Table?
- How Strategic Is the Executive Team in Information Security Management?
- How Often Do CISOs Face a Breach Disclosure Decision? Who Makes It?
- Should CISOs Lose Sleep at Night?
- Future Outlook
- Essential Guidance
- Learn More
- Related Research
- Appendix: Respondent Profile
- Table: CISO Reporting Levels by Industry (% of Respondents)
- Table: Comparison of Frequency and Effect Scores (% of Respondents)
- Table: Key Security Drivers
- Table: Breach Notification Frequency by Industry (% of Respondents)
- Table: Breach Disclosure Disagreement by Industry (% of Respondents)
- Table: CISO Career Outcomes: Actual Versus Anticipated (% of Respondents)
- Figure: Distribution of CISO Reporting Levels
- Figure: Distribution of Reporting Frequency for Management Levels
- Figure: Respondents by Industry
- Figure: Respondents by Total Revenue
- Figure: Respondents by Number of Employees