Succession

Given the increasing importance of the chief information security officer role, enterprises should prioritize CISO succession planning. Learn how.

They should also review and approve those plans to ensure they do the following: To prepare for such unforeseen events, ensure every security role has documentation describing its key responsibilities and tasks. CISO succession planning can help companies make sure they are prepared for the inevitable, when it occurs. The following are among the major changes within an enterprise that should trigger a review: With significant notice -- at least three months -- companies may have the luxury of onboarding a new CISO before the outgoing one has left. Assess strengths and weaknesses of existing senior security talent, as well as their personalities, professional experiences and career goals, within the context of the anticipated security landscape and enterprise needs. Next, they should review any succession plans that exist for other executive roles to help identify organization-specific items the security program's plan should include. These up-and-coming security leaders likely have their own thoughts about emerging trends and threats, so actively include them in future-proofing discussions. While no one can predict exactly what will occur tomorrow, it is possible to make an informed assessment of what security issues are likely to arise or linger based on the following: From early in their tenures, smart CISOs, therefore, have ideas of the following: But the enormous pressure of this role, combined with overwhelming demand for qualified candidates, creates a high probability a With this in mind, it is essential companies plan for their existing CISOs' inevitable departures.