How CISOs can balance business continuity with other responsibilities

On paper, the CISO owns the protection of confidentiality, integrity, and availability, but availability was outsourced a long time ago to either the CIO or facilities, according to Blake. “BCDR is typically owned by the CIO or facilities, but in a cyber incident, the CISO will be holding the toilet chain for the attack, while all the plumbing is provided by the CIO,” he says.

CIOs won’t typically investigate cyber attacks to the same degree as CISOs. After a cyber incident, there may be competing priorities with backup and remediation, for example. “They [CIOs] might have a slightly different use case for a backup product, but they don’t operationalize the incident response, starting from remediation of the threat,” Blake tells CSO.

At the very least, the CISO needs a seat at the table during the incident response, but ideally the two teams need to be working in collaboration before, during and after. In Blake’s experience, this is the defining feature of organizations that suffer the least amount of downtime. “They’ve got that shared responsibility model between the two teams. They’ve drilled down into how they hand off from one to the other and they have proper case management between the two so nothing’s not missed,” he says.
