The Best CISO Reporting Structure
by Twinstate Technologies
Opinions on the best CISO reporting structure have fallen into a few camps: there are those who sit firmly in the CIO camp, arguing that CISOs should report to the Chief Information Officer because cybersecurity only ever belongs in the IT functions realm. There are those that believe that a CIO's productivity mandate could conflict with the CISO's need to mitigate risk, and therefore the CISO should always and only report to the CEO. And then there are those who believe the allowable wiggle room comes from the current structure and needs of your organization. The debate rages on.