Information Security Risk Management Program Strategy & Design | GRC | Operational and Cyber Resilience | Security Architecture | Once upon a time - Global CISO | Speaker
I've said it many times before. CISOs need to put in place a clear Charter that outlines the scope, roles, responsibilities and authority of the CISO, the Information Security Program and the roles and responsibilities of the risk committee, senior leadership and the BOD when it comes to cyber risk-based decisions. Often CISOs/Security Officers are put in a position of little authority to make unilateral decisions that affect the organization, but are held unilaterally accountable for the outcomes and results when security breaches occur. With this understanding, a documented and signed Charter will clearly outline how and who has the authority for certain decisions made and at what level... and obviously documenting those decisions along the way should go without saying.
Cloud data security @Sentra
What's stopping that from happening? Leadership undervaluing security?