From GARP – “Born from the perfect storm of 9/11, the Nimda worm, and Section 404 of the Sarbanes-Oxley Act (SOX), the rise of the chief information security officer (CISO) has occurred at a lightning pace. Mega breaches have earned them a seat at the boardroom table, yet CISOs still struggle to articulate cybersecurity risk in a way that board members can understand.
To move past this, CISOs need to flex their leadership muscles and take a top-down approach to risk management – one that will likely require them to “unlearn” many of the best practices that got them to where they are.
It is a path with which the broader risk management profession is familiar: In the early 2000s, information security was mainly driven by compliance. Back then, CISOs were little more than glorified IT security admins.”