The CISO Role: a Mediator between Cybersecurity and Top Management

Authors

  • Håkon Sjøberg Sveen
  • Filip Østrem
  • Jaziar Radianti
  • Bjørn Erik Munkvold

Abstract

As organizations increasingly rely on digital solutions, they also become more exposed to cybersecurity threats. Thus, cybersecurity is becoming a strategic concern for organizations rather than merely a technological issue. However, many organizations are still not sufficiently aware of cybersecurity risks and their mitigation. This article studies how to engage top management more in cybersecurity in order to mitigate the risk of cybersecurity threats. In particular, we focus on the role of the Chief Information Security Officer (CISO) as part of the organization’s cybersecurity strategy. We conducted qualitative interviews with nine cybersecurity professionals, including four CISOs, two CEOs, one information security leader and two information security experts. Our study shows that the CISO role is acknowledged as important for facilitating communication between the technical staff and the top management, and for making top management understand the importance of their involvement in cybersecurity. In this sense, the CISO may serve as a mediator for the security aspects of the organization. Further, our findings support previous research on the importance of top management engaging actively in cybersecurity matters, including operational risk management, identifying critical assets and data, and defining the necessary cybersecurity controls (physical, technical and administrative).

Published

2023-01-02