Today, business environments have become increasingly complex, severe, and connected at the domestic and global levels. Consequently, information technology security has moved to the forefront in companies. As a result, they are discovering that they must also diligently protect employees, networks, and information from outside threats. Therefore, many businesses are beginning to hire executives known as chief security officers and chief information officers for their security needs. Thus, the CISO and CIO have important roles in simplifying the strategic planning into operational and tactical InfoSec plans. However, depending on the InfoSec function’s placement within the organizational chart, the missions of the CISO and CIO might differ a bit. Normally, the CISO will report directly to the CIO. Consequently, the CIO would be the person who charges the CISO with adopting and …
However, the CISO needs to make sure that they learn the culture of the organization before implementing any changes. Thus, they should consider the culture and focus on what risks exist for it. Moreover, the focus cannot be on technology alone; it must also cover security procedures and policies, IT infrastructure, and risk management (Whitman & Mattord, 2014).
Over the years, the role of the CIO has changed dramatically, and as new technologies and threats are created, the role will continue to evolve. The CIO must be able to notice the changes and threats in information security and proceed to protect the organization's information in the most effective way possible. Moreover, the CIO must have the understanding and skills that will allow him/her to comprehend InfoSec and physical security while having a profound understanding of the threats that the organization faces in protecting its environment. In addition, the CIO is responsible for making decisions based on security policies and must be someone who can formulate, motivate, and execute change. Furthermore, a CIO’s responsibility also includes