Security Magazine logo
  • Sign In
  • Create Account
  • Sign Out
  • My Account
  • NEWS
  • MANAGEMENT
  • PHYSICAL
  • CYBER
  • BLOG
  • COLUMNS
  • EXCLUSIVES
  • SECTORS
  • EVENTS
  • MEDIA
  • MORE
  • EMAG
  • SIGN UP!
cart
facebook twitter linkedin youtube
  • NEWS
  • Security Newswire
  • Technologies & Solutions
  • MANAGEMENT
  • Leadership Management
  • Enterprise Services
  • Security Education & Training
  • Logical Security
  • Security & Business Resilience
  • Profiles in Excellence
  • PHYSICAL
  • Access Management
  • Fire & Life Safety
  • Identity Management
  • Physical Security
  • Video Surveillance
  • Case Studies (Physical)
  • CYBER
  • Cybersecurity News
  • More
  • COLUMNS
  • Cyber Tactics
  • Leadership & Management
  • Security Talk
  • Career Intelligence
  • Leader to Leader
  • Cybersecurity Education & Training
  • EXCLUSIVES
  • Annual Guarding Report
  • Most Influential People in Security
  • The Security Benchmark Report
  • The Security Leadership Issue
  • Top Guard and Security Officer Companies
  • Top Cybersecurity Leaders
  • Women in Security
  • SECTORS
  • Arenas / Stadiums / Leagues / Entertainment
  • Banking/Finance/Insurance
  • Construction, Real Estate, Property Management
  • Education: K-12
  • Education: University
  • Government: Federal, State and Local
  • Hospitality & Casinos
  • Hospitals & Medical Centers
  • Infrastructure:Electric,Gas & Water
  • Ports: Sea, Land, & Air
  • Retail/Restaurants/Convenience
  • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
  • Industry Events
  • Webinars
  • Solutions by Sector
  • Security 500 Conference
  • MEDIA
  • Videos
  • Podcasts
  • Polls
  • Photo Galleries
  • Videos
  • Cybersecurity & Geopolitical Discussion
  • Ask Me Anything (AMA) Series
  • MORE
  • Call for Entries
  • Classifieds & Job Listings
  • Continuing Education
  • Newsletter
  • Sponsor Insights
  • Store
  • White Papers
  • EMAG
  • eMagazine
  • This Month's Content
  • Advertise
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Security Leadership and ManagementCybersecurity News

Bridging the CISO-CSO Communications Gap

Threats have converged, even though the defenses against them still operate separately.

By Ed Bacco
handshake-enews
November 12, 2018

There was a time when the corporate security team was responsible for setting the policies for overall security within an organization including digital. Today, those responsibilities are likely to be separated between a Chief Security Officer (CSO) and a Chief Information Security Officer (CISO).  This brings into play the views, opinions, needs and requirements of both the CSO and the CISO and the potential conflict that may ensue.

While the technologies for securing “physical assets” have evolved immensely over the years, the problems they are tasked with solving have remained relatively unchanged. As an example, if a bad actor successfully breaks into one of your warehouses and steals millions of dollars’ worth of goods, there is nothing good about that scenario, but you will probably have the insurance to cover the losses and perhaps another warehouse to continue to serve your customers in an uninterrupted manner.

However, when you look at the digital side, even the theft of one customer record could be devastating both from a financial perspective and from a pure brand reputation perspective. In my previous role with a major Fortune 500 company, we called this a “company extinction event,” because the major commodity a company offered its customers was trust to protect the data that they willingly choose to share and the loss of trust isn’t something covered in an insurance policy, nor can you pull more out from another warehouse.

In our dealings as a provider of security risk management services, we are often called upon to help start and moderate conversations between CSOs and CISOs to help both accomplish their respective goals, because both have the same mission – to protect their organizations from outside threats.

But too often, what we uncover is a true lack of understanding from both parties that what they are really defending against are potentially the same threats – just viewing them through different lenses. Helping them develop a mutually accepted view of the threat, its potential impact on the business and what role the teams play in addressing the risk is the critical first step in the process of bridging the communications gap.

Complicating that relationship is the fact that that while physical security is seen as a critical layer in the protection of the IT network, it is at the same time a potential source of vulnerabilities to the very network they were designed to protect. The conversation will inevitably migrate to a discussion about a recent attack that leveraged security cameras to breach the network. As a physical security professional, it is sometimes difficult to know if the cameras on the network pose a risk. This presents an opportunity to advocate for, and engage with, the IT security team to help the physical security team make wiser choices around camera selection and to help ensure that the cameras and firmware remain optimized against threats. This can be the critical step in building a collaborative team focused effort to solve your organizations common problems.

Another issue we sometimes face in trying to communicate with our peers on the IT team are the subtleties in common language.  Let’s take the word “control;” control often leads to miscommunications because, by definition, it means “the power to influence or direct people’s behavior.” When these teams are talking about who has control over the physical security systems and their components or even control over parts of the facility such as data centers where the servers and panels reside, both teams may position themselves in such a way as to not give up control to the other team.  So instead of using the word “control,” a better word may be “access.” Allowing both teams access to the devices, systems and physical locations in question lets them both do their jobs. Even the slightest nuance can help avoid creating a conflict over something that wasn’t real in the first place.

Perhaps the next biggest obstacle we see in these discussions pertains to budget dollars and who has them. Going back to the concept of working toward the goal of reducing a company’s threats from outside influences may help both parties get on a path going in the same direction instead of from opposing ones.

Finally, while enterprise security risk management programs have been around for more than a decade, they were initially embraced by the IT side of the house not the physical security teams. This caused a fracture in the programs as the teams never developed a converged approach to identifying and addressing risk. The threats eventually got to the point of where they targeted both physical and cyber assets. In other words, the threats converged even though the defenses against them still operated separately.

Cyber threats will try to find your weakest link and exploit it. If companies continue to work in silos and focus on a singular threat or problem, they may not see threats coming from unexpected directions. The only reasonable way to minimize cyber threats is to develop programs and tools that are as agile as the threats themselves. In most cases, neither the CSO or CISO is entirely responsible for the risks that cyber threats present. However, without realizing it, they both may ultimately work for the individual or individuals who do own the risk. This realization usually leads to closer ties between the two teams, and that is when the real work can begin.

Enterprise security risk assessment and management is clearly more complicated in today’s world. But open, honest conversations and working together to understand the overall risks to the business will help any organization prepare to combat the threats their business may face every day.

KEYWORDS: information security network security security career security leaders

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Ed bacco

Ed Bacco brings more than 30 years of Security Management, Physical Security and Project Management experience and expertise to his role as the Chief Security Officer (CSO) at Aronson Security Group, an ADT Company, where he leads the Enterprise Security Risk Group (eSRG). Prior to joining the ASG team, Bacco was the global head of corporate security for Amazon where he was responsible for leading and expanding the corporate security & safety programs at more than 105 locations in over 29 countries. Previous to making the jump to the corporate world, Bacco was the Director of the National Transportation Security Operation Center where he coordinated the security at over 440 airports, seaports, rail lines, pipelines and public transportation hubs

Ed Bacco received the first ever U.S. Navy Award of Excellence for Physical Security,and he holds numerous patents, both in the U.S. and in Europe for physical security devices.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

Security’s Top 5 – 2024 Year in Review

Security’s Top 5 – 2024 Year in Review

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

The Money Laundering Machine: Inside the global crime epidemic - Episode 24

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

Middle East Escalation, Humanitarian Law and Disinformation – Episode 25

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Person working on laptop

Governance in the Age of Citizen Developers and AI

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • SEC0521-Talk_FEAT-MAIN-slide1_1170x878px

    Bridging the gap: The digital divide

    See More
  • Lightbulb with gradient colorful background

    Bridging the widening cybersecurity skills gap

    See More
  • Business women

    Bridging the gender gap in cybersecurity

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing

Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!