• United States



by Janice Brand

CSOs, CISOs Gaining Clout in Boardrooms

Dec 08, 20052 mins
CSO and CISOData and Information Security

A study released today by the International Information Systems Security Certification Consortium, also known as the (ISC)2, shows that CSOs are gaining clout in the boardroom as they — and their boards of directors and CEOs — are more accountable for information security and risk management strategies. A release from the group said the study showed the “ultimate responsibility for information security moved up the management hierarchy, with more respondents identifying the board of directors and CEO, or a CISO/CSO as being accountable for their company's information security.”

The study, based on survey of 4,305 information security professionals in 80 countries — was conducted by International Data Corp. (which shares a parent company with the publisher of CSO Magazine and CSOonline). Specific findings include:

  • The majority of respondents - 73% - expects their influence with executives and the board of directors to increase in the coming 12 months, as talks between security and other business executives shifts from technical subjects to risk management strategies.
  • Nearly 21% of respondents, up from 12% in 2004, say their CEO is now ultimately responsible for security.
  • For the CIO, security accountability dropped to about 30.5%, from approximately 38% in 2004 and rose to 24% from 21% in 2004 for CISO/CSOs.
  • Organizations spend on average more than 43% of their IT security budgets on personnel, education and training.
  • Professionals are looking for additional training in business continuity (50.5%), forensics (50.3%), and risk management (48%), all of which factored higher than the demand indicated in 2004.