As Chief Information Security Officers, we are often asked to resolve this question. After all, the CISO is responsible for the policies and capabilities of the cyber defense of the organization. But as organizations grow into their Cyber Security awareness, it is often the case that the individual lines of business begin to recognize that it is their bottom line that is impacted – both by good and bad security.
