expert
OPINION
It ’ s not surprising that the collaboration between CIOs and CISOs has significantly evolved in recent years .
For those who described the relationship between IT and security as ‘ connected ’, 64 % stated they now have shared goals for maintaining the company ’ s security and 70 % stated they have joint processes and procedures in place for daily operations .
However , there is still work to do . For example , less than half ( 48 %) stated they have established joint processes and procedures to mitigate or recover from an incident . With cyberattacks now occurring at a rate of 19 every second , the need to work together has never been more urgent .
As this research shows , there are clearly still barriers to overcome before closer collaboration is possible for many organisations . Chief among these is budgeting shortfalls , meaning allocated resources and investment levels simply aren ’ t high enough to cover all priorities set out by both the CISO and CIO . At a time when there is significant pressure to increase cybersecurity budgets , some leaders are still having to make compromises to ensure objectives can be met , which can be frustrating for all involved .
Another common barrier tends to be differences of opinion between CISOs and CIOs when it comes to cybersecurity and its impact on overall operational efficiency . Finding the balance between robust data protection and employee productivity is tricky .
Overly stringent security protocols can often prove detrimental , and employees may even try to circumvent particularly onerous requirements , creating further problems . On the other hand , security protocols that don ’ t go far enough can quickly lead to vulnerabilities across the network . This is where collaboration is key to finding a happy medium .
A dynamic and successful partnership
With these parameters top of mind , what does a successful CIO / CISO partnership look like ? In modern organisations , there ’ s multiple crossover points between the two roles . A great example is the challenges presented by organisational resilience , which is now a crucial consideration for every business . One of the best ways to assess existing resilience levels is to test how well security and IT teams and their processes and technologies respond to , and recover from , unexpected cyber-incidents .
In this test scenario , the aim is to assess the response and identify key areas for improvement in both protection and mitigation strategies that go beyond just cybersecurity and examine every part of the IT estate where vulnerabilities are found to exist . This is only possible when the process itself covers all aspects of the response , ranging from tech issues and challenges , to employees , training
42 WWW . INTELLIGENTCISO . COM