Modern chief information officers (CISOs) must demonstrate agility and the ability to learn new skills as organizations increasingly embark on ambitious digital transformation programs. This is according to the Information Security Forum’s (ISF)’s latest digest, Becoming a Next Generation CISO, which has outlined the key traits security leaders must exhibit in the modern age, in which their roles are becoming ever more crucial.
Following a range of surveys and interviews held with over 40 CISOs, the ISF set out six differentiating characteristics required for individuals in these posts to successfully advance the discipline of information security in today’s increasingly evolving and digitalized world. These are: balancing opportunity with risk, demonstrating leadership, managing incidents and crises, finding their own voice, dealing with regulatory volume and handling technology.
This approach has primarily been brought about by three major external forces, which have reshaped the role of CISOs according to the report. These are firstly the rush to digital technology, which has substantially changed the way organizations operate in regard to working practices and interactions with customers and suppliers.
The second is the overwhelming regulatory burden, with recent legislation such as the EU General Data Protection Regulation (GDPR) making compliance a focal issue in boardrooms.
The third is disruptive events, which have the knock on effect of enforcing change on organizations at high speed. The archetypal example of this is the COVID-19 pandemic this year, which has forced companies to re-orientate around secure remote working practices.
Steve Durbin, managing director at the ISF, commented: “As digital transformation drives organizations to become more agile and responsive, the CISO faces demands to quickly prove their worth as an enabling force, while protecting the business in an increasingly turbulent risk environment. Becoming a next-generation CISO requires an individual to embrace and master new skills and disciplines, making themselves indispensable, future-proof and highly sought after.”
“The CISO is coming under pressure from many different directions. Whether this is external, internal or personal, these forces have combined to create a situation that demands a new approach – one that the next-generation CISO is pioneering. Being a next-generation CISO is an extremely rewarding position that allows an individual to become a pivotal member of their organization, involved in and advising on almost every level. This role will be welcomed almost anywhere as more and more organizations turn their focus to the risks and opportunities of the evolving digital world.”