Why Are We Still Talking About the Reporting Line of the CISO?
Why are so many organisations and security professionals still worried about the reporting line of the CISO? This is one of the oldest and most consistent debates agitating the security industry, and it looks far from resolved.
It has been polluted for decades by arbitrary and simplistic views on “separation of duties” and alleged “conflicts of interest”. But those views often come from sectors of the corporate spectrum with a fairly theoretical idea of how an organisation should operate, and rarely reflect the reality of how large organisations function.
The truth is that people work with people and that strong organisations are bound by trust, not distrust.