CHAPTER 9 Information Security

This is the point where I am supposed to write a paragraph explaining how important information security is to every business.

Do I really need to do that? Does anyone not know how important information security is to their business today? Can I just go ahead and assume that you've heard that message by now? I'm going to save us both some time, and avoid insulting your intelligence, by skipping the horror stories and scare tactics designed to convince you that you should invest more in cybersecurity.

Awesome, thanks!

Instead, let's talk about the role of information security in IT business alignment.

To begin, let's establish the organizational placement of information security responsibilities. According to the 2022 IANS + Artico CISO Compensation & Budget Survey, 69 percent of chief information security officers report to the technology function (either the CIO or CTO), while 31 percent report up through a business function (the CEO, COO, CRO, CFO, or legal counsel) (Heidrick & Struggles, 2022). More important, the percentage reporting up through the technology function has increased over the last decade. For that one-third of organizations where the InfoSec function does not report to the technology leader, the information security function provides the oversight and management of the security program, but it must still partner very closely with the IT department to implement security across the infrastructure. The core IT department still ...

Get The Technology Doesn't Matter now with the O’Reilly learning platform.
