@Taimur - sometimes the CISO function is part of a compliance function of all legal and regulatory requirements. The same solution does not work for all organizations - it should be planned strategically.
Absolutely! I wonder how many organizations' c-level suite structures have remained unchanged for decades--or at least a long time? You'd think that it's time now to revisit the structure, including the reporting tree, to ensure that CIOs and other valuable IT executives are given equal footing to their counterparts in marketing, sales, and finance. You can't expect IT to be an integral part of business operations if executives aren't given the same visibility, respect, and responsibility.
Thank you very much for the article, Mansur. Interesting to read. Based on my experience, as you also mentioned, organizations have different reporting structure for CIO. The trend I see there is an expectation from the business that IT needs to be transformed from cost center to "Enabler". That requires CIO and other IT leaders start applying business centric thinking to their goals and objectives. Vision if IT has to align with the business's vision.
@Mansur: If CISO is not reporting the CIO, he would be reporting directly to the CEO then. In that case, the Information Security function becomes an independent department on it's own. This might add to the complexity in an organization's structure because normally organizations would want to limit the number of departments they have.
It's interesting to see the different structures but for me in tech companies internal IT strategy needs it's own leadership vs product or services strategies. If not internal IT will not get the attention it deserves and security risks start to occur as well as down time for employees
@Taimur - if the organization believes that the CIO is ultimately responsible for security and the CIO is a strategic role then the CISO should report to the CIO. If the CIO role is operational, the CISO may report to a different segment and serve more as an organizational risk officer. With such separation the CISO may be in position to audit the IT and all other departments for compliance. Sometimes this role has a privacy focus with a higher legal focus. Sometimes the role may have a dual privacy and security focus (specially in healthcare) and it may require a two person team to perform this role appropriately. Depending on the size, complexity and business focus of the organization, the appropriate arrangement should be consciously chosen.
"As the strategic CIO role started to emerge in some organizations, other organizations simply retitled the director of IT without understanding the difference between the CIO and the IT director"
@Mansur: While in many companies the role of IT director and CIO might differ greatly, some companies simply cannot afford to keep both these positions and the CIO is made to deal with the IT related day-to-day affairs as well such as hardware procurement etc. This also avoids conflicts in interests as well because they may be dealing with some common avenues.
@Mansur: Doesn't a CISO normally report to a CIO? Is there are reason why this should not be the case given that CIO is the overall in charge of all IT related affairs in the company.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
Recently, the Obama administration has been of two minds where privacy rights are concerned. On one hand, you have an administration that vowed to veto CISPA and mandated open data for government websites. On the other hand, you have an increasingly out-of-control Department of Justice on a fishing expedition at AP and demanding legislation to let the FBI wiretap private, encrypted communications and levy fines if a company fails to comply.
The apartment and house sharing service, Airbnb, now requires members to verify their identities by demonstrating a presence on the web, and by either scanning a government ID or entering detailed personal details. Other enterprises should take a close look at Airbnb's verification policies.
Facebook advertising is a lightning rod. It seems neither brands nor consumers are 100 percent happy about the social media site's policies, placement, or procedures. But the real controversy about Facebook ads and promotions is over whether they work.
By now, you've most likely heard about the 3D-printed gun that Texas-based Defense Distributed demonstrated last week. But we haven't heard the last about the censorship war that began soon afterward.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The automotive website uses propensity modeling to target ads and customer registration forms, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Subsidized handsets, rather than locked handsets, should be the focus of regulators. We're not getting good deals, not fostering innovation, and weakening our power as buyers.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
