Establishing command and control gives the power to professionals so they can properly assess the risks and determine which threats pose the greatest danger and must be considered a high security priority. Authority also requires that they identify potential threats that may be considered “acceptable risks” to the organization – meaning they are worth keeping an eye on, but don’t warrant a significant security investment.
For a long time, security was its own entity in the IT infrastructure. Security and IT didn’t always see eye to eye, and there were often points of contention. Nowadays, as collaboration between the two has become more common, both IT and security are combining forces to better understand the risks and threats to the enterprise.
For the next generation of enterprise security leaders, is there a clear path forward to success? Enterprise security leaders discuss mentorships, education, certifications and the skills new CSOs and CISOs will need to succeed in their evolving roles and bring value to the business. But the problem is: with existing security leadership roles varying so widely, is the development of a uniform skill set even possible?