CISO Round Table


Original Working Session content: CISO Round Table


Synopsis and Takeaways

Target audience: companies without a CISO


Every company needs a CISO, and every CISO should have a strong mandate and adequate resources.

The CISO should report

  • Firstly to the Board
  • Secondly to C-suite and sub-committees (so there are no conflicts of interest)

The CISO should

  • Have a centre of gravity skill set: strong business, technical, and security skills
  • Be an agent for transformation
  • Understand that security is a business function
  • Be able to facilitate business acceptance of risk

What the CISO needs

  • A budget they control
  • A mandate
  • Integrity of message
  • Central team (with senior SMEs)
  • Network of security champions
  • Presence on cross-functional committees and roadmaps

Top board requirements

  • Current programmes status
  • Meet regulatory requirements
  • Major business risks and incidents
  • Security asks

Top priorities for CISO

  • Situational awareness
  • Match risk appetite
  • Actionable metrics and dashboards
