CISOs need to help develop “a deeper ownership across the business of everything that has to do with the security life cycle,” says Eddie Schwartz, vice president and CISO at the security firm RSA. Companies need more “advocates for doing things the right way” in all departments, Schwartz says. Security professionals need to “step back and say, ‘What is it fundamentally that’s wrong with security today in organizations like ours?” Security professionals must also consider the return on a security investment in terms of its value in preventing a costly breach.”]
Source: https://www.inforisktoday.com/blogs/what-should-cisos-priorities-be-p-1209