Document Type

Unpublished Research Paper

Publication Date



As we enter 2022, cybersecurity continues to challenge corporations and their CISOs. The sophistication of cyberthreats coupled with an evolving digital landscape has resulted in increased complexity and expanded responsibilities for the CISO. Simply put, there is greater scrutiny, greater regulation, greater complexity, and greater scope than ever before. To respond to these changes, CISOs must organize their “Office of the CISO” to meet the expectations and deliver for their organizations. Whether the CISO has a staff of three or thirty and whether they are prepared or not, these elements are being increasingly expected of CISOs. You can think of it as, ‘executiv-izing.' This article lays out a three-part framework for the Office of the CISO.


Computer Information Science

Creative Commons License

Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License
This work is licensed under a Creative Commons Attribution-NonCommercial-Share Alike 4.0 International License.