'Cyber security is a dark art' : The CISO as soothsayer. / Da Silva, Joseph; Jensen, Rikke Bjerg.

ACM Conference On Computer-Supported Cooperative Work And Social Computing (CSCW). ACM, 2022.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

E-pub ahead of print

Standard

'Cyber security is a dark art' : The CISO as soothsayer. / Da Silva, Joseph; Jensen, Rikke Bjerg.

ACM Conference On Computer-Supported Cooperative Work And Social Computing (CSCW). ACM, 2022.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Harvard

Da Silva, J & Jensen, RB 2022, 'Cyber security is a dark art': The CISO as soothsayer. in ACM Conference On Computer-Supported Cooperative Work And Social Computing (CSCW). ACM. <https://arxiv.org/abs/2202.12755>

APA

Da Silva, J., & Jensen, R. B. (2022). 'Cyber security is a dark art': The CISO as soothsayer. In ACM Conference On Computer-Supported Cooperative Work And Social Computing (CSCW) ACM. https://arxiv.org/abs/2202.12755

Vancouver

Da Silva J, Jensen RB. 'Cyber security is a dark art': The CISO as soothsayer. In ACM Conference On Computer-Supported Cooperative Work And Social Computing (CSCW). ACM. 2022

Author

Da Silva, Joseph ; Jensen, Rikke Bjerg. / 'Cyber security is a dark art' : The CISO as soothsayer. ACM Conference On Computer-Supported Cooperative Work And Social Computing (CSCW). ACM, 2022.

BibTeX

@inproceedings{5e2a6a7d5b714730b95ba880c4c5cac3,
title = "'Cyber security is a dark art': The CISO as soothsayer",
abstract = "Commercial organisations continue to face a growing and evolving threat of data breaches and system compromises, making their cyber-security function critically important. Many organisations employ a Chief Information Security Officer (CISO) to lead such a function. We conducted in-depth, semi-structured interviews with 15 CISOs and six senior organisational leaders, between October 2019 and July 2020, as part of a wider exploration into the purpose of CISOs and cyber-security functions. In this paper, we employ broader security scholarship related to ontological security and sociological notions of identity work to provide an interpretative analysis of the CISO role in organisations. Research findings reveal that cyber security is an expert system that positions the CISO as an interpreter of something that is mystical, unknown and fearful to the uninitiated. They show how the fearful nature of cyber security contributes to it being considered an ontological threat by the organisation, while responding to that threat contributes to the organisation's overall identity. We further show how cyber security is analogous to a belief system and how one of the roles of the CISO is akin to that of a modern-day soothsayer for senior management; that this role is precarious and, at the same time, superior, leading to alienation within the organisation. Our study also highlights that the CISO identity of protector-from-threat, linked to the precarious position, motivates self-serving actions that we term `cyber sophistry'. We conclude by outlining a series of implications for both organisations and CISOs.",
author = "{Da Silva}, Joseph and Jensen, {Rikke Bjerg}",
year = "2022",
month = feb,
day = "25",
language = "English",
booktitle = "ACM Conference On Computer-Supported Cooperative Work And Social Computing (CSCW)",
publisher = "ACM",

}

RIS

TY - GEN

T1 - 'Cyber security is a dark art'

T2 - The CISO as soothsayer

AU - Da Silva, Joseph

AU - Jensen, Rikke Bjerg

PY - 2022/2/25

Y1 - 2022/2/25

N2 - Commercial organisations continue to face a growing and evolving threat of data breaches and system compromises, making their cyber-security function critically important. Many organisations employ a Chief Information Security Officer (CISO) to lead such a function. We conducted in-depth, semi-structured interviews with 15 CISOs and six senior organisational leaders, between October 2019 and July 2020, as part of a wider exploration into the purpose of CISOs and cyber-security functions. In this paper, we employ broader security scholarship related to ontological security and sociological notions of identity work to provide an interpretative analysis of the CISO role in organisations. Research findings reveal that cyber security is an expert system that positions the CISO as an interpreter of something that is mystical, unknown and fearful to the uninitiated. They show how the fearful nature of cyber security contributes to it being considered an ontological threat by the organisation, while responding to that threat contributes to the organisation's overall identity. We further show how cyber security is analogous to a belief system and how one of the roles of the CISO is akin to that of a modern-day soothsayer for senior management; that this role is precarious and, at the same time, superior, leading to alienation within the organisation. Our study also highlights that the CISO identity of protector-from-threat, linked to the precarious position, motivates self-serving actions that we term `cyber sophistry'. We conclude by outlining a series of implications for both organisations and CISOs.

AB - Commercial organisations continue to face a growing and evolving threat of data breaches and system compromises, making their cyber-security function critically important. Many organisations employ a Chief Information Security Officer (CISO) to lead such a function. We conducted in-depth, semi-structured interviews with 15 CISOs and six senior organisational leaders, between October 2019 and July 2020, as part of a wider exploration into the purpose of CISOs and cyber-security functions. In this paper, we employ broader security scholarship related to ontological security and sociological notions of identity work to provide an interpretative analysis of the CISO role in organisations. Research findings reveal that cyber security is an expert system that positions the CISO as an interpreter of something that is mystical, unknown and fearful to the uninitiated. They show how the fearful nature of cyber security contributes to it being considered an ontological threat by the organisation, while responding to that threat contributes to the organisation's overall identity. We further show how cyber security is analogous to a belief system and how one of the roles of the CISO is akin to that of a modern-day soothsayer for senior management; that this role is precarious and, at the same time, superior, leading to alienation within the organisation. Our study also highlights that the CISO identity of protector-from-threat, linked to the precarious position, motivates self-serving actions that we term `cyber sophistry'. We conclude by outlining a series of implications for both organisations and CISOs.

M3 - Conference contribution

BT - ACM Conference On Computer-Supported Cooperative Work And Social Computing (CSCW)

PB - ACM

ER -