What is the discussion about (overview of group discussion)?

Alignment of Cybersecurity with IT


What were the critical areas discussed, and why were they important to the group?

Corporate culture is the main driver of how cybersecurity and IT reporting structures are defined. As a result, where security sits within an organization, and how it then aligns back to IT, varies widely from one organization to the next. In my situation, I sit in IT and am also the CTO, so that I can tie the various infrastructure silos into a security-centric model.


What are a few takeaways from the discussion?

How alignment works varies considerably, and that variability depends on the culture of the organization and the way in which "risk" is managed.


Do you have any recommendations to share?

  • From a security perspective it is all about risk management; whether security aligns inside or outside of IT, it is ultimately still subject to how the organization manages risk.
  • Using risk as the alignment tool would therefore, in theory, take precedence over any legacy organizational model.