CISOs must shape up or ship out, says Forrester

Chief information security officers will have evolve into corporate information risk managers if they are to survive in the future, says Andrew Rose, principal analyst at Forrester Research.

“CISOs can’t afford to remain where they are; they need to decide whether they want to move up or down,” he told Forrester’s forum for risk and security professionals in London.

Moving down would be to take on a supporting role of technical expert, security analyst, legal adviser, compliance advisor or the like, said Rose. Moving up to become a corporate information risk manager will, however, require facing up to many current failures, he said.