The CISO as Chief Cyber Risk Officer
I’ve been meeting a lot more CROs in industry lately, and for some companies centralizing all risk management in one executive’s portfolio makes sense.
For others, that may not be the case. But I find that, as a CISO, I have a lot in common with CROs. That’s because another way of answering the question, “What is a CISO?” is to think of the role instead as a “Chief Cyber Risk Officer.”
The job of a CISO is to manage cybersecurity risk, both the risk posed by active extralegal adversaries and regulatory/legal risk.
Many companies have greater regulatory/legal risk than adversarial risk.
Others, especially in the crypto/web3 space, carry adversarial security risk that dwarfs their regulatory risk. Apex predators like North Korea impose catastrophic, even existential, security risk on private sector companies in crypto/web3.
So how do we manage that risk?
The same way we manage any business risk.
CISO | Independent Cyber Security Advisor/Consultant | Security Strategy | GRC | Cyber Risk Quantification | IT/OT | Physical Security | Convergence | BCM | Resilience | Carnegie Mellon CISO Cert | CRISC | CBCI | CSMP
Risk is the very essence of the security function and its strategic management. Therefore the CISO's role is to be a cyber risk and resilience advisor to all stakeholders of the organisation and manage the limited resources based on risk to the business.
Global CISO at Bitpanda | One of Germany's Top CISOs | Keynote Speaker | Security Advocate & Ambassador
Once more you write an article I'm supporting 100%! Thanks for being such an advocate for us