More proof that the much vaunted convergence of information security and physical security is being made flesh: ‘Research from the Economist Intelligence Unit shows the number of CSOs taking ultimate responsibility for the security of a business has almost doubled year-on-year.’
As this article says, CSOs – and in my view CIOs too – need to understand the business and be able to relate security to its needs. The concept of the CSO is in principle a good one, but it calls for a very broad range of abilities and experiences, and I am a little concerned as to where that talent is being nurtured.
While there may have been a doubling in the number of CSOs, I worry that the difference between a good and an indifferent office holder may be down to luck for many employers. We need to see more work done in the area of defining the CSO’s role and consequently what training and career experience is appropriate for achieving this office. Only then can we begin to have some confidence that the CSO title will deliver the reassurance it suggests.