Because of growing cybersecurity concerns, CISOs in the financial sector finally are getting more time with their boards of directors and more direct interaction with senior executives, says John Carlson, chief of staff at the Financial Services Information Sharing and Analysis Center.
"In many cases, the CISO is reporting directly to the CEO, or at least reporting up to the head of risk management," Carlson says in an interview with Information Security Media Group at RSA Conference 2016. "Each organization needs to figure out what works best for them, so you don't find uniform organizational structure. But you're certainly seeing much greater ... reporting or direct interaction with the CEOs and the boards."
Until recently, CISOs often got 30 minutes or less to make presentations to boards, he says. "In some cases now, they're getting four hours on a board agenda, where they're going through a deep dive of the controls and the risks that are out there. So, the CISOs are definitely getting more of the love, if you will, from the c-suite and the board."
During this interview, Carlson also discusses:
- Why cybersecurity is now considered a business issue, rather than an IT issue;
- How business email compromise attacks are evolving as a modern form of wire fraud; and
- Why ransomware attacks against all industries are a growing concern.
In addition to his role with FS-ISAC, Carlson also serves as vice chairman of the Financial Services Sector Coordinating Council. Before joining FS-ISAC, Carlson served as the executive vice president of BITS, the technology and policy division of the Financial Services Roundtable, where he led cybersecurity, technology risk and collaboration programs for 12 years. Carlson also has served as a managing director of Morgan Stanley's Operational Risk Department and served in various roles at the Office of the Comptroller of the Currency, U.S. Office of Management and Budget, Federal Reserve Bank of Boston and within the United Nations Center for Human Settlements.