"Perfect is the Enemy of Good": The CISO's Role in Enterprise Security as a Business Enabler

Abstract

Chief Information Security Officers (CISOs) are responsible for setting and executing organizations' information security strategies. This role has only grown in importance as a result of today's increasingly high-stakes threat landscape. To understand these key decision-makers, we interviewed 16 current and former CISOs to understand how they build a security strategy and the day-to-day obstacles that they face. Throughout, we find that the CISO role is strongly shaped by a business enablement perspective, driven by broad organizational goals beyond solely technical protection. Within that framing, we describe the most salient concerns for CISOs, isolate key decision-making factors they use when prioritizing security investments, and surface practical complexities and pain points that they face in executing their strategy. Our results surface opportunities to help CISOs better navigate the complex task of managing organizational risk, as well as lessons for how security tools can be made more deployable in practice.

Authors
Kimberly Ruth
Stanford University, Stanford, California, United States
Veronica A. Rivera
Stanford University, Stanford, California, United States
Gautam Akiwate
Stanford University, Stanford, California, United States
Aurore Fass
CISPA Helmholtz Center for Information Security, Saarbrücken, Germany
Patrick Gage Kelley
Google, New York City, New York, United States
Kurt Thomas
Google, Mountain View, California, United States
Zakir Durumeric
Stanford University, Stanford, California, United States
DOI

10.1145/3706598.3713895

Paper URL

https://dl.acm.org/doi/10.1145/3706598.3713895

Conference: CHI 2025

The ACM CHI Conference on Human Factors in Computing Systems (https://chi2025.acm.org/)

Session: Security in HCI

Annex Hall F204
7 presentations
2025-05-01 01:20:00 to 2025-05-01 02:50:00