Paper Number

1967

Paper Type

Complete

Description

Increasingly, large organisations are turning to cybersecurity leaders such as chief information security officers (CISOs) to protect their information resources against attack. The role of the cybersecurity leader is distinct from other cybersecurity professionals in its need for strategy and collaboration, and distinct from other business leaders in its need to maintain situational awareness against active adversaries. Because the role is so new, however, organisations and educators continue to conceptualise it as a senior technological role rather than a strategic, business-oriented role. This representation leaves open a gap between what is viewed as ‘business’ and what is viewed as ‘IT’ – a gap that can leave organisations vulnerable to attack. In this systematic review, we examine the literature on cybersecurity leaders to develop a picture of the competencies required. Following analysis, we propose a preliminary matrix of competencies required for cybersecurity leaders. We conclude with an agenda for further research.

Comments

06-Security

Share

COinS
 
Dec 12th, 12:00 AM

Competencies of Cybersecurity Leaders: A Review and Research Agenda

Increasingly, large organisations are turning to cybersecurity leaders such as chief information security officers (CISOs) to protect their information resources against attack. The role of the cybersecurity leader is distinct from other cybersecurity professionals in its need for strategy and collaboration, and distinct from other business leaders in its need to maintain situational awareness against active adversaries. Because the role is so new, however, organisations and educators continue to conceptualise it as a senior technological role rather than a strategic, business-oriented role. This representation leaves open a gap between what is viewed as ‘business’ and what is viewed as ‘IT’ – a gap that can leave organisations vulnerable to attack. In this systematic review, we examine the literature on cybersecurity leaders to develop a picture of the competencies required. Following analysis, we propose a preliminary matrix of competencies required for cybersecurity leaders. We conclude with an agenda for further research.

When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.