Strategic Communications Planning for a CISO

Abstract

As companies increasingly rate information as their most valuable asset, the executive in charge of maintaining the integrity and security of those assets has become the focal point for security problems in large and complex enterprise environments. Establishing the policies, procedures and training centering on data and system security across multiple departments requires unique consensus-building skills and the ability to engender trust partnerships across a complex range of corporate dynamics. And yet, in a crisis involving the loss of vital data, inadvertent disclosure of private information or malicious disruption of systems by outside bad actors, the CISO is in the hot seat. Often, the CISO office has minimum staff and maximum exposure. This paper presents an analysis of the strengths, weaknesses, opportunities and challenges of the CISO for a large state university that can provide insight into the larger problem faced by the private sector. The purpose is to illuminate the management issues facing the executive responsible for promoting the mission of the office—a mission to provide policy and guidance toward maintaining a secure computing environment. The purpose is also to provide a case study of a CISO exhibiting the qualities of security management gained through the strength of interpersonal networks, a case in evidence of the strength of weak ties.
