Question

In: Computer Science

The board of executives has decided to create a new position of chief security officer (CSO); however, they are not sure whether the new position should be part of the IT department and report to the chief information officer (CIO), or whether the new CSO should be at the same level as the CIO and report directly to the board. What would be your recommendation as a security consultant, and why?

Solutions

Expert Solution

I prefer that the CSO should report directly to the board or the CEO instead of being placed under the CIO. If we talk about the real world, then in almost 2/3 of companies the CSO reports directly to the CEO or to the board.

Putting the CSO under the CIO helps ensure strong alignment with the technical delivery model. But there can be a segregation of duties issue. To illustrate the problem, consider a case where an application is about to be rolled out but has a known security vulnerability. "The CIO’s bonus may be tied to on-time delivery of applications, while the CSO’s is tied to limited security vulnerabilities and no security breaches. In this scenario, it is questionable what decision would be made: to delay the application release date and patch, or accept the risk."

If the CSO reports directly to the board, Browne says, "the primary benefit is that the CSO has a higher degree of influence to drive change. On the flip side, the CSO may also have very limited time with the board, due to the Board’s wide range of responsibilities."

