7 tips for better CISO-CFO relationships

A successful CISO/CFO relationship will help ensure an organization has the right resources for its risk profile.

Every chief security executive knows that one of the most important—and perhaps challenging—aspects of the job is getting the funding needed to support the cybersecurity program. The person handling the decision-making on budgeting is often the CFO, so CISOs would be wise to learn the best ways to interact with these finance professionals.

“The CFO/treasurer-CISO relationship is critical in understanding how the [organization] measures success, which helps with how best to measure and communicate the cyber threats it faces,” says Arthur Treichel, CISO for the State of Maryland.

Here are some best practices for CISOs when working with the CFO in their organization.

Speak the CFO’s language

CISOs like to use metrics that relate to cybersecurity activity, says Frank Dickson, Security & Trust program vice president at research firm International Data Corp. (IDC). This includes metrics such as the number of alerts addressed, mean time to respond, mean time to remediate, and dwell time.
