CISO on the Org Chart: Where Should They Sit?
by Twinstate Technologies
Opinions about CISO reporting structure, or where the CISO on the org chart should sit, has fallen into a few camps: there are those who sit firmly in the CIO camp, arguing that CISOs should report to the Chief Information Officer because cybersecurity only ever belongs in the IT functions realm. There are those that believe that a CIO's productivity mandate could conflict with the CISO's need to mitigate risk, and therefore the CISO should always and only report to the CEO. And then there are those who believe the allowable wiggle room comes from the current structure and needs of your organization. The debate rages on.