Abstract
Throughout the past decade we have seen a variety of management experiments with new cybersecurity organizational structures. Many of these were formed hastily in response to management recognizing they were vulnerable to threats, and then grew to fulfill their mission of threat preparedness independently of both business and technology development. Even when cybersecurity departments are part of a technology group, they are often placed under an infrastructure manager and often have not been well-integrated with software specifications or deployments. Instead, they have focused on assessment and remediation of production environments. Overall, growth in cybersecurity organizations has been somewhat consistent, with Chief Information Security Officers (CISOs) designing enterprise-wide cybersecurity risk programs, piloting security technologies within the technology organization, and then seeking integration touch-points with other organizations as threats became more obvious and ubiquitous. Consequently, many cybersecurity officers have limited visibility into business requirements for technology and, as a result, may be assumed by their peers to have low levels of business insight and corresponding contribution to mission.1 The recent drive to build enterprise capabilities for managing cybersecurity risk represents a change to a more aligned approach wherein cybersecurity is viewed not only as a key consideration in enterprise risk management (ERM) but also as a key attribute of enterprise architecture.
Copyright information
© 2019 Paul Rohmeyer, Jennifer L. Bayuk
About this chapter
Cite this chapter
Rohmeyer, P., Bayuk, J.L. (2019). Should This Involve the Whole Organization?. In: Financial Cybersecurity Risk Management. Apress, Berkeley, CA. https://doi.org/10.1007/978-1-4842-4194-3_7
DOI: https://doi.org/10.1007/978-1-4842-4194-3_7
Publisher Name: Apress, Berkeley, CA
Print ISBN: 978-1-4842-4193-6
Online ISBN: 978-1-4842-4194-3
eBook Packages: Professional and Applied Computing, Apress Access Books, Professional and Applied Computing (R0)