CSOs, CISOs and Title Entitlement

I thought I ought to become my organization's CSO until a self-assessment caused me to think again.

. What's this?

By

October 01, 2003CSO — Currently, I'm the VP of security at a global corporation, a title I've worked hard to get and one of which I'm proud. But all the talk about CSOs has made me think about my role here, how our department's profile has changed in the past few years, and how such a title might convey top management's commitment to what we're trying to accomplish. Frankly, I wouldn't view it as a promotion, and this is not about more compensation. I think a title change to CSO represents a logical next step in the evolution of corporate security within this company.

So I've undergone a sort of self-assessment in order to have some talking points when I confront my boss. I've considered my place both within my organization and among my peers. I know from talking to colleagues that budgets have tightened and the number of CSO titles have not appreciably increased in the past year or so. Which means I'm probably fighting an uphill battle. But I think it's worth teeing up to gauge where management sees our mission going.

My information security counterpart in our organization is in a separate department. We're both vice presidents and work very closely for obvious reasons. He has successfully captured the CISO title and enjoys more seniority and influence within the corporate structure than the traditional CSO. Chief risk officers and chief legal officers similarly seem to serve at a considerably higher level than do physical security executives. What is it that gives them this seeming legitimacy?

The notion of chief-whatever carries weight in business circles, yet the CISO mantle was passed virtually without a peep. My friends in HR told me that was, in part, because of our unyielding reliance on our technical environment. But I also know that the CIO talks with the CEO daily about risks to system integrity. He's the CISO's strongest advocate for very selfish reasons. I have good relationships with several board members, but I don't have that sort of advocate near the corner office.

In the midst of my introspection, I happened to receive "Corporate Security Management: Organization and Spending Since 9/11," a recent publication from The Conference Board, a respected research organization that produces conferences, makes forecasts, assesses trends, and publishes information and analysis on the current business climate. I know a number of our senior executives are members, so this, I thought, might help my cause. With sponsorship from ASIS International, The Conference Board interviewed more than 330 security directors, risk managers and IT security officers. More than half came from companies with over $1 billion in annual sales. The purpose was to ascertain general patterns of security management and to identify changes in business functions and spending since the terrorist attacks in September 2001.

What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
RESOURCE CENTER