
    Defining the Strategic Role of the Chief Information Security Officer

    The level of sophistication and dynamism of the security threat environment requires modern organizations to develop novel security strategies. The responsibility to strategize falls to the Chief Information Security Officer (CISO). A review of the security literature shows there has been little emphasis on understanding the role of the CISO as a strategist. In this research, we conduct a systematic literature review from the disciplines of information security and strategic management to identify specific attributes required by CISOs to become effective strategists. We discuss these attributes in the context of Information Security Management and argue that CISOs with these attributes or capabilities are better positioned to overcome the existing strategic security challenges facing organizations. Available at: https://aisel.aisnet.org/pajais/vol10/iss3/3

    The CISO Role: a Mediator between Cybersecurity and Top Management

    As organizations increasingly rely on digital solutions, they also become more exposed to cybersecurity threats. Thus, cybersecurity is becoming a strategic concern for the organizations rather than merely a technological issue. However, many organizations are still not sufficiently aware of the cybersecurity risks and their mitigation. This article studies how to engage the top management more in cybersecurity in order to mitigate the risk of cybersecurity threats. In particular, we focus on the role of the Chief Information Security Officer (CISO) as part of the organization’s cybersecurity strategy. We conducted qualitative interviews with nine cybersecurity professionals, including four CISOs, two CEOs, one information security leader and two information security experts. Our study shows that the CISO role is acknowledged as important for facilitating communication between the technical staff and the top management, and for making top management understand the importance of their involvement in cybersecurity. In this sense, the CISO may serve the role as a mediator related to security aspects of the organization. Further, our findings support previous research on the importance for top management to engage actively in cybersecurity matters, including operational risk management, identifying critical assets and data, and defining necessary cybersecurity controls (physical, technical and administrative)

    Environmental modelling of the Chief Information Officer

    Since the introduction of the term in the 1980s, the role of the Chief Information Officer (CIO) has been widely researched. Various perceptions and dimensions of the role have been explored and debated. However, the explosion in data proliferation (and the inevitable resulting information fuelled change) further complicates organisational expectations of the CIO's role. If organisations are to competitively exploit the digital trend, then those charged with recruiting and developing CIOs now need to be more effective in determining (and shaping) CIO traits and attributes, within the context of their own organisational circumstances and in line with stakeholder expectations. CIOs also need to determine their own suitability and progression within their chosen organisation if they are to remain motivated and effective. Before modelling the role of the future CIO, it is necessary to synthesise our current knowledge (and the lessons learnt) about the CIO. This paper, therefore, aims to identify and summate the spectrum of key researched ‘themes’ pertaining to the role of the CIO. Summating previous research, themes are modelled around four key CIO ‘dimensions’, namely (1) Impacting factors, (2) Controlling factors, (3) Responses and (4) CIO ‘attributes’. Having modelled the CIO's current environment, and recognising the evolving IT enabled information landscape, the authors call for further research to inform the recruitment and development of the future CIO in terms of personal attributes and the measurable impact such attributes will have on their respective organisation

    Beyond Goldwater-Nichols

    This report culminated almost two years of effort at CSIS, which began by developing an approach for both revisiting the Goldwater-Nichols Department of Defense Reorganization Act of 1986 and for addressing issues that were beyond the scope of that landmark legislation

    Defining a US defence diplomacy for Brazil at the beginning of the century

    At the beginning of the 1990s, the US military was apparently considered to be a significant threat by the Brazilian Armed Forces. Other military establishments in the Hemisphere likewise expressed a lack of confidence, and even a sense of fear, regarding the North Americans. After an ‘opening’ in military relations between Brazil and the United States, directed by General Barry McAfree, commander-in-chief of the US Southern Command (SOUTHCOM) in the mid 1990s, Brazilian military sentiment regarding the US marginally improved. Nevertheless, by the end of the 1990s and the beginning of this Century, the Brazilian Armed Forces again felt threatened by the unilateralism of the US military. This work examines the concept of ‘defense diplomacy’ and the process by which the Clinton Administration initiated an experiment in conjunction with the National Defense University (Fort Leslie McNair, Washington, DC), at the request of the Deputy Assistant Secretary of Defense for Western Hemisphere Affairs, that established between 1999 and 2001 a broader understanding of possible US defense diplomacy for the subsequent seven years. I was an invited participant in this experiment, along with more than two dozen North American and Latin American academics, including Brazilians, the aim of which was to complete a proposal under contract with the Defense Department. Although it was ended soon after the Bush Administration began, this experiment, and the broader concept of ‘defense diplomacy,’ may well have represented an important option for future hemispheric military relations

    Managing at the Speed of Light: Improving Mission-Support Performance

    The House and Senate Energy and Water Development Appropriations Subcommittees requested this study to help DOE's three major mission-support organizations improve their operations to better meet the current and future needs of the department. The passage of the Recovery Act only increased the importance of having DOE's mission-support offices working in the most effective, efficient, and timely manner as possible. While following rules and regulations is essential, the foremost task of the mission-support offices is to support the department's mission, i.e., the programs that DOE is implementing, whether in Washington D.C. or in the field. As a result, the Panel offered specific recommendations to strengthen the mission-focus and improve the management of each of the following support functions based on five "management mandates": Strategic Vision; Leadership; Mission and Customer Service Orientation; Tactical Implementation; Agility/Adaptability. Key Findings: The Panel made several recommendations in each of the functional areas examined and some overarching recommendations for the corporate management of the mission-support offices that they believed would result in significant improvements to DOE's mission-support operations. The Panel believed that adopting these recommendations will not only make DOE a better functioning organization, but that most of them are essential if DOE is to put its very large allocation of Recovery Act funding to its intended uses as quickly as possible