Respect amongst our peers is a status that we strive for a on a daily basis. Participating in a team environment, sharing and learning, promotes the give-and-take mentality needed for a cohesive team.
What if, however, you find out that you are not respected and that your qualifications and abilities are being called into question? This can happen—even at the C-level—and it’s a matter that must be addressed.
CSO writer Taylor Armerding explores this very topic in his latest article. He summarizes ThreatTrack Security’s recent whitepaper, “No Respect: Chief Information Security Officers Misunderstood and Underappreciated by Their C-Level Peers,” as follows:
The survey of 203 C-level executives at U.S. organizations employing a CISO found that a large majority (74%) thought CISOs didn’t even deserve a seat at the C-level table and viewed them primarily as, “a convenient scapegoat in the event of a data breach.”
In casual terms, it seems to come down mainly to this: Being a geek isn’t enough. In addition, a frequent complaint about CISOs is that they don’t know how to, “speak the language of business.”
In short, to gain respect in the C-suite, CISOs have to work to be viewed as business enablers, not impediments. CEO and others higher up the executive food chain may not understand the role of the CISO as well as they do other C-level positions that have existed for decades.
Whatever the structure, those in the field agree that it is mostly up to the CISO to explain that role and how it can enable both the effectiveness and security of the organization.
The survey also found that a significant percentage of executives believed CISOs should be held responsible for security breaches, but “should have limited say in acquiring the technology and resources to prevent them.”
In other words, hold them responsible, but don’t give them control. “That mentality demonstrates that many in the C-Suite still do not understand the role of CISOs and the value they can bring to the table,” Lyons said.
For more findings from the ThreatTrack Security whitepaper, read the full CSO article.
APPLICATION DEVELOPMENT: Blue Mountain Data Systems is dedicated to Application Development and Systems Integration for Federal Civilian Agencies, Document Management Systems that help in the preparation, scanning, indexing, categorizing and quality control of millions of pages of paper documents to electronic format and the Automation of Workflow Processes. Call us at 703-502-3416.