As the security landscape has changed, so has the role of the chief information security officer (CISO). Previously a technical role, it has become more business focused.
Now, the CISO reports to the board of directors, using a business risk management perspective. Security has become a business enabler.
Accordingly, CISOs must take a proactive, pragmatic, business-focused approach to security. This paper sets out five major areas of focus for the practical CISO.