In many organizations, especially in government, the chief information security officer reports to the CIO. South Carolina Inspector General Patrick Maley proposes that the state create its first CISO post following a massive breach of its tax system. Maley says CISO should be independent of CIO, but some IT security and information risk experts think that’s a bad idea. Most agencies in the federal government have the CISO reporting to CIO; some experts say that’s not a good idea. The IG says making CISO independent provides a higher level of objectivity and independence.”]
Source: https://www.cuinfosecurity.com/blogs/achieving-balance-between-cio-ciso-p-1391