
Stronger bonds: The evolution of the CISO-CCO regulatory partnership

Gopal K. Padinjaruveetil is Vice President, Chief Information Security Officer, and Cris Mattoon is Assistant Vice President, Compliance & Ethics, at The Auto Club Group in Dearborn, Michigan, USA.

This is the second of a two-part series dealing with cybersecurity risk management, regulations, and solutions.

In the first part of this two-part series, “Great expectations: The shifting cyber-regulatory landscape,” we addressed the heightened risk management expectations that regulatory agencies have expressed for the entities that they supervise.[1] This part will address the evolution of cybersecurity risk management and the increasing convergence between private sector solutions and regulatory expectations.

Chief information security officers (CISOs) and chief compliance officers (CCOs) are facing mounting questions from boards of directors, CEOs, shareholders, customers, and the media, who are seeking reassurance that their organizations’ digital infrastructure and data remain secure against tomorrow’s threats, not yet even imagined. Leveraging cyber compliance risk assessments (CRAs) and other predictive tools and resources, CISOs and CCOs have also sought to integrate their efforts with the strategic objectives of the business lines while addressing regulatory agency efforts to supervise risk management effectiveness. Partnerships with governmental agencies that invite and reward innovation enhance trust and foster more effective risk management and strategic outcomes.
