SAN FRANCISCO, Feb. 29, 2016 (GLOBE NEWSWIRE) -- RSA CONFERENCE -- While the industry has become fatigued with the “CISOs don’t get respect from leadership” mantra, a new research-driven program from IANS is providing Chief Information Security Officers (CISOs) with a path to business impact based on a quantitative benchmark model. IANS’ research, presented today at the annual RSA information security conference, indicates that many CISOs are not successfully stepping up to a leadership role (as their C-Level title requires). In response, the IANS program reveals a distinct path for CISOs who are seeking to earn a seat at the executive table.
IANS, the world’s leading provider of in-depth security insights and decision support, issued the results from its study of more than 1,000 top corporate security officers. The research revealed that over 70% of CISOs and teams languish at a foundational level, characterized as being isolated within a technical function, with immature teams who have no influence on the business operations that cause information risk, and only tactical responsibility for securing data on the network.
22% of CISOs and teams report that they are in a transition state between this foundational level and an executive level of influence, and only eight percent of CISOs are considered to be at an “Executive Level,” regarded as peers by their C-Level colleagues.
“There is too much noise in the marketplace about what CISOs should be doing. It all sounds so platitudinous,” said Phil Gardner, IANS’ chief executive officer. “We kept hearing, ‘CISOs need to learn how to communicate like business leaders,’ and ‘Security must become part of the fabric of the business.’ We are more interested in discovering how CISOs and teams can earn that seat at the table, as well as the steps that the most successful CISOs and executives have taken to get there.”
IANS’ research has uncovered 50 distinct capabilities that top CISOs and teams have prioritized to mature their organizations. Gardner will report on IANS’ findings at RSA Conference 2016, helping CISOs start on their own path to leadership.
Among the top findings:
- There are four stages of maturity advancement, and a distinct maturity pathway that the top 8% have mastered. IANS has defined between three and five skills and capabilities that must be addressed and developed at each of the four stages of maturity advancement.
- More than half of the top-performing CISOs do not report to the CIO or into technology; rather, they have earned a direct-line report to the CFO, or the chief legal or risk officers.
“CISOs are in the most difficult of positions,” continued Gardner. “They have promised to protect the company’s critical assets across space and time, and yet have little or no control over the business decisions that cause risk. In order to be as effective as they can, they must possess the ability to engage effectively with the business as well as develop and maintain technical excellence.” At RSA Conference 2016, Gardner will be speaking on “Lighting the Path to Security Leadership.”
IANS has spent the last two years interviewing and assessing CISOs and their teams at more than 1,000 companies throughout North America. The research has resulted in the development of “CISO Impact” – IANS’ proprietary framework. It identifies 15 categories of capabilities (eight technical domains and seven organizational factors) that CISOs and teams must address in order to achieve maximum business impact. More information about the IANS CISO Impact Diagnostic tools can be found here: https://diagnostics.iansresearch.com
IANS Chief Research Officer Stan Dolberg, formerly Forrester Research’s chief research officer, will join Gardner at the RSA Conference. Both are available for comment at the event.
IANS is the leading provider of in-depth security insights and decision support delivered through research, community, and consulting. Fueled by interactions among IANS Faculty and information security practitioners, IANS’ experience-driven advice helps IT security, risk management, and compliance executives make better, faster technical and managerial decisions.
IANS was founded in 2001 as the Institute for Applied Network Security. Inspired by the Harvard Business School experience of interactive discussions driving collective insights, IANS adapted that format to fit the needs of the information security community.