In conversations with industry contacts this past week, I heard the same thing: in many companies, information security is being absorbed into various business units. That is to say, there is a trend afoot where company leaders are looking to meld IT security objectives with business ones. This isn't a new concept, the idea that security must be a business enabler, but the thought that information security and its associated operation should be made integral parts of more traditional business divisions is. Taking it a step further, such transformations are prompting some of these same companies to make CSOs or CISOs and their teams not part of the IT department any longer, but part of a risk management branch.
展开▼
