Paper Number

2564

Paper Type

Short

Description

The role of the chief information security officer (CISO) has emerged as critically important to organizations in managing cybersecurity risks. Unfortunately, many CISOs are limited by perceptions of boards and executive teams that the CISO is not a strategic partner. This study investigates CISOs’ struggles for legitimacy in their ascendancy into the executive suite and in directly reporting to the board of directors. In a grounded theory interview study, we use legitimacy theory as a lens to develop a model of a virtuous cycle of legitimacy, wherein a CISO’s legitimacy gains at the board level feed into successful bids for legitimacy within the executive suite, extending legitimacy theory to include legitimacy assessments within related hierarchal groups (i.e., the board and executive team). Given the growing importance of CISOs, we inform research and practice on how they can become full-fledged members of the executive team and legitimate partners of the board.

Comments

06-Security

Dec 12th, 12:00 AM

Taking a Seat at the Table: The Quest for CISO Legitimacy

