Don’t Set The CISO Up To Fail

From: InformationWeek

Mansur Hasib

More healthcare organizations are hiring CISOs — a good thing. But bad management structure, insufficient resources, and poor understanding of risks often doom these newly appointed security executives.

My 2013 national survey of healthcare organizations discovered that about half the CIOs in healthcare report to CFOs and other executives, and not the CEO. This structure is dangerous for both the organization and the CIO for several reasons.

First, the CIO’s pay is lower than it should be, by at least a full grade level. Second, the CIO cannot participate in organizational strategy meetings because of rank.

Most important, the CFO and other executives run IT and cyber security strategy, instead of the CIO. IT department pay, including that of the chief information security officer (CISO), is lowered, making it challenging for the healthcare organization to acquire and retain top talent. Finally, the CIO becomes an ideal whipping boy for any failures, but other executives are well protected, even though they make the final decisions.
