Who Should the CISO Report To?

The author discusses the reporting structure for a chief information security officer (CISO) in an organization. He states that there is an ongoing debate on to whom the CISO should report which reflects the growing acceptance of the CISO role and function. He explores three types of CISOs which are technical information security officer (TISO), business information security officer (BISO) and strategic information security officer (SISO).