Vice President, Delivery, Coalfire
The risks posed by the continually escalating number, variety, and sophistication of cyberthreats have in many ways worked to redefine and reshape our corporate landscapes. Over the past decade, not only have business systems, processes, and procedures adapted to the omnipresent need to minimize cyber risk, but organizational structures themselves have morphed right along with them. As a result of these changes in ownership of cybersecurity and cyber compliance, many organizations do not align the activities and efforts of the two functions, even though they have so many commonalities and both share the goal of reducing cyber risk for the organization.
Where once IT departments were wholly charged with both systems and security, most large enterprises have added CISOs and dedicated cybersecurity organizations to address the pressing demands of cyber defense. Simultaneously, many companies in industries rife with risk also have Chief Risk Officers, Compliance and Risk groups, or individuals tasked exclusively with addressing the many regulatory requirements, including (but not limited to) cybersecurity regulations. And coming soon, the Data Protection Officer mandated by the General Data Protection Regulation will join the crowd in every organization that hosts and/or processes EU citizen data. The debate continues regarding where this staff member should report.