The CSO typically represents physical security. The CISO typically represents non-physical security.

Which is subordinate to the other?

Many organizations defer the question. They see the two as separate regardless of the evidence. Perhaps it’s because of the easily understood physical versus the harder to grasp non-physical.

My opinion for most organizations is that the CSO is subordinate to the CISO. The ratio used to go the other way. Physical security is important. It can’t be diminished. Yet Information Security & CyberSecurity ascends. Appreciating and dealing with physical security is a part of Information/Cyber Security.

Also on:

This site uses Akismet to reduce spam. Learn how your comment data is processed.

To respond on your own website, enter the URL of your response which should contain a link to this post's permalink URL. Your response will then appear (possibly after moderation) on this page. Want to update or remove your response? Update or delete your post and re-enter your post's URL again. (Learn More)