• United States



by Joyce Brocaglia

The Paper Tiger Syndrome

May 03, 20041 min
CSO and CISOData and Information Security

Unfortunately this scenario is not uncommon. Often small or midsize companies that are initially establishing information security departments or adding a CISO are doing so as a direct result of an audit finding. They are required to put a security officer in place but are sometimes not willing to make the commitment to staff or budget that will allow the security officer to be effective in implementing a program.

It is extremely important for anyone going on an interview to understand the companys motivation behind the creation of the position. If it is a replacement, then you want to know the circumstances that caused the predecessor to leave. One of the most telling signs of a lack of authority is the reporting structure of the position. If the CISO is buried deep within the organization, it is likely that he will encounter much difficulty in implementing his programs. Due diligence as a job seeker means making sure that you fully understand what you are getting into when you accept a new position.