The Evolving role of the CISO

The CISO's role has been evolving over the years. It is moving away from so much emphasis on compliance and monitoring towards a more strategic role, particularly as CISOs get more and more access to the C-Suite. A key to success as a CISO is collaboration with and understanding the work of other business units. A large part of the job is not about technology at all. It is about relationships, project management, and learning about several parts of the business. It is a good CISO's job to adequately assess and point out the risks to the business of various projects and business practices. What are other key elements that are part of the strategy of a successful CISO? Have you initiated a balanced Security Awareness Program? Is security baked in to your company's SDLC? Are you regularly running scans of both your network and your applications? Are you monitoring your network to detect unusual activity? What about when that dreaded intrusion into your network occurs? Do you know what to do? What about third party risk? Do you have adequate InfoSec policies, standards, and procedures?