In all three cases, the reason given for letting the most senior-level information security person go was cost cutting. Are you serious? These are huge, international firms with complex regulatory requirements and enormous dependence on IT for their business. Yet their senior management feels that the CISO is the person to cut to help reduce costs?
That’s very dangerous, in my book. I am starting to dive deeper into each of these cases and am learning details as I write this article, so much of what I say at this point is early conjecture. I plan to provide more detailed analysis in the coming weeks.
Suffice it to say that at an early glance, each of the CISOs who were let go had managed to build a very solid information security and compliance program. Each had strong ties to senior management, with the board’s ear when they needed it. They had managed to put excellent technical and non-technical controls in place to support security, privacy and compliance. They each also reported up through IT.

One Comment
This is cyclical.
Check out one of my first blog posts from 2006 with the spin-down that happened after SoX:
http://www.rationalsurvivability.com/blog/?p=537
Sad.
/Hoff