Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

How great IT security leaders succeed

Forrester identifies some surprising attributes that make for the best-performing CISOs
Page:

As the threat of attack, both external and internal, continues to take root and as data-handling regulations continue to proliferate, the role of a chief information security officer appears to be growing more complex by the day. Many CISOs are doing an admirable job of stemming the tide of data loss and keeping their heads above water around compliance. But some IT security leaders are doing it better than the rest, according to a recent Forrester Research report, which has identified several characteristics that make these top CISOs more successful than their peers.

Beyond predictable recommendations such as having a close relationship with their employer's business leaders and making security a pervasive issue across their entire organizations, several unexpected practices arose during Forrester's discussions with users, vendors, and regulators.

A moral compass is the key to success

The top finding was that truly effective CISOs must have a strong moral compass that allows them to lead as much by example as they command respect via mandate. "CISOs are expected to have a certain level of technical skill, but the character of the person really drives a lot of the success that they might have in this position," said Khalid Kark, a Forrester analyst and the report's chief author.

"Having the integrity, the visibility, and letting people know that you as an individual will always do the right thing is of great importance when you are being trusted to protect a lot of sensitive information." Other C-level executives may be able to get away with taking sides in corporate standoffs or going behind people's backs to accomplish their goals, but CISOs who expect to garner the level of respect needed to carry out their jobs most effectively must emit a persona of undeniable trustworthiness.

"Before doing the research, I wouldn't have guessed how important this aspect might have been, even having managed security operations myself," said Kark. "But it became clear that this is a characteristic that many people really value in a CISO. One of the issues that these executives face is that it takes time to build trust, and if you have that [moral] compass where you instinctively know what [is right] to do, you can achieve that [trust] in a shorter timeframe."

Also important to gaining that trust and executive buy-in is an ability to work with "the corporate psyche," as well as balancing the CISO position's political and policing roles.

Page:

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Creative, Forrester Research, Persona, PLUS, VIA
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
Latest Blog Posts
Whitepapers
  • IDC Whitepaper: Generating Proven Business Value with EMC Next-Generation Backup and Recovery
    IDC interviewd ten companies that have deployed EMC backup and recovery solutions, including EMC Data Domain and EMC Avamar. Some of the customers also had EMC NetWorker. The purpose was to identify and quantify the resulting business value of each project, in order to calculate a cumulative return on investment. Read on.
    Learn more »
  • 10 Essential Steps to Web Security
    This short guide outlines 10 simple steps to best practice in web security. Follow them all to step up your organisation’s information security and stay ahead of your competitors. But remember that the target never stands still. Focus on the principles behind the steps – policy, vigilance, simplification, automation and transparency – to keep your information security bang up to date.
    Learn more »
  • Pathways Advanced ICT Leadership Development Program Brochure and Course Outline 2012
    Developed by the CIO executive Council in conjunction with Rob Livingstone Advisory, Pathways Advanced is a 12-month CIO delivered, small group, mentor based professional leadership development program. Pathways Advanced brings together best practice, thought leadership and business insights for today’s most promising ICT professionals
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.