Is the CISOs main priority to "protect the business" or "enable the business"?

Top Answer : I believe the role of the CISO is still evolving. In many instances, the CISO role was established to either manage regulatory and privacy requirements or to manage the information security function. In that early phase of the role, the CISO role mostly protected the business through technical competency.   However, the CISO role is in transition - enabling the business and help keep the business focused, functioning, and moving forward. CISOs need to be able to talk about risk management and articulate the impact of risk to the organization in terms the business can understand. Going forward, CISOs must understand and speak the language of business enablement and balance technical competency to protect the business.

Yellow Server
Health Care and Social Assistance
I believe the role of the CISO is still evolving. In many instances, the CISO role was established to either manage regulatory and privacy requirements or to manage the information security function. In that early phase of the role, the CISO role mostly protected the business through technical competency.   However, the CISO role is in transition - enabling the business and help keep the business focused, functioning, and moving forward. CISOs need to be able to talk about risk management and articulate the impact of risk to the organization in terms the business can understand. Going forward, CISOs must understand and speak the language of business enablement and balance technical competency to protect the business.
2 upvotes
Red Processor
Government
Both, first priority is to ensure the business systems and data are well protected and second, the systems function as intended to meet the business objectives. The CIO will play more of a role in helping the business achieve their goals and objectives.
3 upvotes
Blue Cloud
Educational Services
For any office, part of 'protect' the business should be to make certain that the business can survive and thrive -- rather than thinking of 'protect' in a more narrow sense such as 'protect the information' of the business or 'protect the network and servers and workstations' of the business.  Senior leadership (and, indeed, the entire organization) should be in alignment and agreement with the organization's goals and objectives. Also "protect the business" and "enable the business" shouldn't be and isn't always mutually exclusive.  Senior leadership should consider and agree upon a balanced risk vs reward ratio as well as weigh carefully individual risk vs reward decisions for the organization where profit isn't always the 100% motive nor is protection.   Look at the painful calculations and decisions businesses have had to make (stay open?  reduce production/capacity?  close completely?) during this pandemic. All officers in the organization need to make judgements whether the risks are worth the rewards that they enable even though their individual viewpoints may differ.
1 upvotes
Yellow Hard Drive
Software
Security is the frictionless enabler as companies are having to move at the speed of digital transformation leveraging next gen capabilities is one in the same.  I cant protect the business if it is not enabling it.
0 upvotes
Yellow Server
Retail
For me the main priority is protection. If he/she succeeds in doing that, then they are automatically enabling the business to go faster towards their objective.
1 upvotes