Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Target top security officer reporting to CIO seen as a mistake

Antone Gonsalves | June 17, 2014
Experts worry that the retailer's chief executive and board may not get a complete picture of the company's security.

Because Target is aware of the potential cost of a major breach, Jacob Olcott, principal consultant on cybersecurity at Good Harbor Security Risk Management, was surprised that Maiorino did not have a higher place in the executive suite.

Nevertheless, having the CIO above the CISO could work.

"It is reasonable for organizations that have security- and risk-conscious CIOs to have the CISOs report through them," Olcott said.

However, that structure will fail, if the CISO is "buried in the organization," Olcott said.

"If senior executives do not have visibility into the company's security posture, then that's a bad thing," he said.

Ultimately senior execs, including the CEO, CFO and general counsel, depend on the CISO in deciding the level of risk the company will accept in setting security spending.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.