Defining the Strategic Role of the Chief Information Security Officer

The level of sophistication and dynamism of the security threat environment requires modern organizations to develop novel security strategies. The responsibility to strategize falls to the Chief Information Security Officer (CISO). A review of the security literature shows there has been little emphasis on understanding the role of the CISO as a strategist. In this research, we conduct a systematic literature review from the disciplines of information security and strategic management to identify specific attributes required by CISOs to become effective strategists. We discuss these attributes in the context of Information Security Management and argue that CISOs with these attributes or capabilities are better positioned to overcome the existing strategic security challenges facing organizations.