The Role of Cyber Risk in the Organisation

Jack Jones

INTRODUCTION

Whether you refer to the function as “information security”, “information assurance”, “cyber risk” or some other variation, most businesses of any size today have personnel who are dedicated to helping the business manage the “things that can go wrong” with information and technology. Where these personnel report within an organisation can vary widely, as can the definition of their responsibilities. Their fundamental roles, however, and thus their value proposition, are constant. Unfortunately, the roles of these personnel, particularly the lead (eg, the CISO), are often misunderstood, which creates confusion and frustration and limits their ability to be effective.

This chapter will clarify the fundamental roles of the cyber risk function (hereafter referred to as “cyber risk”). The objective is to enable businesses to better understand and more effectively leverage the cyber risk value proposition.

Note that, throughout this chapter, we refer to the head of the cyber risk function as the CISO. The actual title of this role will vary from organisation to organisation.

The fundamental value proposition

There is a common belief, both inside and
