According to Eddie Zeitler, executive director of security certification organization ISC2, the role of the CISO is evolving to focus more on management and less on IT:
Traits of an effective CISO:
* A decision maker (leader).
* Good understanding of business principles.
* Good understanding of the organization.
* Talks business language (a translator).
* Aligns security posture with business strategy.
* Sensitive to organization’s risk appetite.
* Willing to take responsibility.
* Gets fundamentals dealt with first.
* Talks risk.
Traits of an ineffective CISO:
* Is an “island.”
* Is a “geek.”
* Has no understanding of how to tie security into the needs of the business.
* Has poor leadership/management/judgment skills.
* Is usually fire-fighting.
* Does not network with peers.
* Talks technology.
-- Cara Garretson
What it takes to be a great CISO