At the recent ISSA International Conference in Dallas, SearchCompliance editor Ben Cole met with conference speakers to discuss the changing data threat landscapeand how it is influencing the information security role. In this Q&A, SANS Institute CISO Frank Kim explains why communication and other people skills have become a big part of infosec professionals’ job requirements.
As threats to company data have become a top business concern, how has it changed the role of the CISO and other infosec professionals?
Frank Kim: Traditionally, the CISO and the security leader has been, unfortunately, the one that has said ‘no.’ That was, perhaps, okay or acceptable enough in a time when the CISO was in charge of just IT security. But now the modern CISO is really responsible for a lot more, it’s not just it security. It’s regulatory compliance, legal concerns and it is also business concerns. How does the organization make money? How does the organization stay in business? We have to figure out how security can support that.