
Should This Involve the Whole Organization?

  • Chapter
Financial Cybersecurity Risk Management

Abstract

Throughout the past decade, we have seen a variety of management experiments with new cybersecurity organizational structures. Many of these were formed hastily in response to management recognizing they were vulnerable to threats, and then grew to fulfill their mission of threat preparedness independently of both business and technology development. Even when cybersecurity departments are part of a technology group, they are often placed under an infrastructure manager and often have not been well integrated with software specifications or deployments. Instead, they focused on assessment and remediation of production environments. Overall, growth in cybersecurity organizations has been somewhat consistent, with Chief Information Security Officers (CISOs) designing enterprise-wide cybersecurity risk programs, piloting security technologies within the technology organization, and then seeking integration touch-points with other organizations as threats became more obvious and ubiquitous. Consequently, many cybersecurity officers have limited visibility into business requirements for technology and as a result may be assumed by their peers to have low levels of business insight and corresponding contribution to mission.¹ The recent drive to build enterprise capabilities for managing cybersecurity risk represents a change to a more aligned approach wherein cybersecurity is viewed not only as a key consideration in enterprise risk management (ERM) but also as a key attribute of enterprise architecture.


Copyright information

© 2019 Paul Rohmeyer, Jennifer L. Bayuk

Cite this chapter

Rohmeyer, P., Bayuk, J.L. (2019). Should This Involve the Whole Organization?. In: Financial Cybersecurity Risk Management. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-4194-3_7
