Mr. Comey’s statement underscores what should be obvious. Organizations that have a dedicated information security team — preferably one led by a Chief Information Security Officer (CISO) or Chief Security Officer (CSO) — are in a more defensible security position. Of course, companies cannot eliminate cyber risks simply by hiring a CISO, but they will reduce cyber risks considerably if they do so. Having an individual or team dedicated to cybersecurity – whether internal or external – is now an essential risk mitigation step for any organization serious about managing cybersecurity.
via Guest Column: ‘Don’t Think You Need A CISO? Think Again’.