Chief information officers (CIOs) and chief information security officers (CICOs) need to collaborate and work closely together to encourage security throughout the organisation.
“The CIO is under a lot of pressure,” said one CISO speaking at the CIO Event in Silverstone today. “Like lots of other organisations, we’re dealing with a lot of out-of-date technology, but we’re also trying to get him thinking about the basic stuff.”
Speaking during a panel discussion at the event, the CISO, who asked not to be named, said his CIO is under pressure from board level to do “whiz-bang things” with BYOD (bring your own device), introducing iPads and much more.
“But looking at security breaches, it is back to basics,” he said. “You’ve got to get them right.”
He said that when other organisations experience data breaches, it gives him the ammunition to prove the importance of security within his organisation.
The panel agreed that CISOs should be working even closer with CIOs to make sure the organisation better understand security and prevents breaches.
More on CIOs
Jonathan Runnalls, security solutions consultancy manager at Verizon, said the CIO role is becoming more and more difficult and CIOs are struggling with security.
Runnalls said CISOs can provide advice and guidance for CIOs to become more innovative.
“Where CISOs fail is where they say ‘no’. It’s useful when CISOs say ‘yes, but this is how we should do it.’
“The CISO is essential to organisations these days,” he added. “CIO and CISO roles should become closely bonded as peers rather than subordinates.
But the CISO panellist said the CISO needs to gain street cred. “The CIO gets street cred automatically, but [CISOs] have got to earn that and keep it. I’m fortunate my CIO is board level and doesn’t pull rank."
Vince Pillay, CISO, Domestic and General said that his CIO relies heavily on him. “I’m the glue that helps pull the functions together,” he said.
Domestic and General considers itself a data company, it provides warranty services and product protection for 14 million customers, and Pillay said the company holds around 70 million customer records. “It’s all about the data, you have to be data centric now,” he said.
He said he is seeing a trend between the relationship of business divers where IT is becoming a more facilitator to the organisation.