From checkboxes to frameworks: CISO insights on moving from compliance to risk-based cybersecurity programs

How security leaders are building risk-based cybersecurity programs

Security is an ever-evolving landscape. Chief information security officers and leaders need a solid strategy and method for prioritizing security investments. In this year’s assessment we found:

Read the executive summary based on in-depth interviews by Southern Methodist University. We identify the top three challenges and three ways to develop better risk-based cybersecurity programs.

Good compliance does not equal good security.

CISO, Government


Fortifying for the future:
Insights from the 2014 IBM Chief Information Security Officer Assessment

Learn more from the CISO assessments

Already tasked with protecting companies from a vast domain of ever-changing threats, Chief Information Security Officers (CISOs) and other security leaders must now prepare for more avenues of attack as well as more sophisticated attackers.

Research from the IBM Center for Applied Insights (PDF, 639 KB) pinpoints what worries today’s security leaders and what they’re doing to address those concerns. We also identify several actions that security leaders can take to help their companies manage the approaching uncertainties in information security.

Shaping security problem solvers: Academic insight to fortify for the future

In a follow-up to the 2014 CISO assessment, we interviewed cybersecurity academics who held a range of responsibilities within their universities. First and foremost, the interviewees did what many of our CISO Assessment respondents have done over the years: point out the various imperfections, concerns and issues afflicting today's information security practices. But the interviewees didn't stop at identifying problems; they also offered ways in which these challenges could be addressed through actions within academia.

The path of security leadership

Infographics and additional leadership insights

Often, it helps to take a different view. Explore a few additional insights on the role of security leaders and cybersecurity priorities from our CISO assessments and related research.

Meet the Authors