I’ve just begun a research project on CISO priorities in 2018. What I’m finding so far is that CISOs are increasing their focus in several areas, including the following:
- Business risk. Yes, CISOs have always been employed to protect critical business assets, but in the past, this was really executed with a bottom-up perspective – from IT and security infrastructure up to business processes. Fast forward to 2018 and CISOs are moving to a top-down view, from business processes down to the technology. This broadens their view of risk and mandates that security controls work collectively to protect ALL the technologies used to accomplish business processes. This is a profound change that challenges even the best CISOs and security organizations.