Loading...
Paper Number
1967
Paper Type
Complete
Description
Increasingly, large organisations are turning to cybersecurity leaders such as chief information security officers (CISOs) to protect their information resources against attack. The role of the cybersecurity leader is distinct from other cybersecurity professionals in its need for strategy and collaboration, and distinct from other business leaders in its need to maintain situational awareness against active adversaries. Because the role is so new, however, organisations and educators continue to conceptualise it as a senior technological role rather than a strategic, business-oriented role. This representation leaves open a gap between what is viewed as ‘business’ and what is viewed as ‘IT’ – a gap that can leave organisations vulnerable to attack. In this systematic review, we examine the literature on cybersecurity leaders to develop a picture of the competencies required. Following analysis, we propose a preliminary matrix of competencies required for cybersecurity leaders. We conclude with an agenda for further research.
Recommended Citation
Anderson, Ashley Baines; Ahmad, Atif; and Chang, Shanton, "Competencies of Cybersecurity Leaders: A Review and Research Agenda" (2022). ICIS 2022 Proceedings. 9.
https://aisel.aisnet.org/icis2022/security/security/9
Competencies of Cybersecurity Leaders: A Review and Research Agenda
Increasingly, large organisations are turning to cybersecurity leaders such as chief information security officers (CISOs) to protect their information resources against attack. The role of the cybersecurity leader is distinct from other cybersecurity professionals in its need for strategy and collaboration, and distinct from other business leaders in its need to maintain situational awareness against active adversaries. Because the role is so new, however, organisations and educators continue to conceptualise it as a senior technological role rather than a strategic, business-oriented role. This representation leaves open a gap between what is viewed as ‘business’ and what is viewed as ‘IT’ – a gap that can leave organisations vulnerable to attack. In this systematic review, we examine the literature on cybersecurity leaders to develop a picture of the competencies required. Following analysis, we propose a preliminary matrix of competencies required for cybersecurity leaders. We conclude with an agenda for further research.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.
Comments
06-Security