Aspen Institute’s US Cybersecurity Group Makes Recommendations for Maximizing Effectiveness of CISOs

October 4, 2023

Report advises how businesses can equip CISOs to protect their systems and achieve institutional objectives

CONTACT: Victoria Comella
High10 Media

Washington, D.C., October 4, 2023 – The Aspen Institute’s US Cybersecurity Group has released new guidelines for how organizations can equip their information security teams to handle both the evolving threat landscape and their broader corporate responsibilities. A tool for business leaders, the report aims to help ensure Chief Information Security Officers (CISOs), or their equivalent, can better address the range of cyber- and business-related risks their organizations grapple with on a daily basis. Just as the role of the Chief Financial Officer (CFO) changed years ago amid an evolving business and regulatory environment, CISOs are experiencing a similar shift.

Due to growing corporate reliance on information technology systems for business operations, the rising threat of criminal and nation-state cyberattacks, and expanding institutional and positional legal liability, the CISO now faces a more complex set of challenges internally and externally. The Evolving Role of the CISO: More Than Just Security charts the expanding nature of this C-Suite position, following its trajectory from back of office to front of house, with a particular focus on strategic institutional risk. 

“Too often, a CISO’s authority is inconsistent with their responsibility, yet corporate leaders frequently realize this only after a painful breach or compromise,” said Jeff Greene, Senior Director for Cybersecurity Programs at Aspen Digital. “We hope organizations of all sizes can use these recommendations to work proactively to strengthen their security operations.”

Led by the Aspen Digital program, the nonpartisan US Cybersecurity Group is a cross-sector, public-private forum for promoting a secure future for America’s institutions, infrastructure, and individuals – in cyberspace and beyond. Comprising top representatives from government, industry, and civil society dedicated to a safe and secure online environment, many of whom are long-time CISOs, this collective of leaders is well-positioned to define the state-of-play and future opportunities for this evolving role.

The report provides high-level structural recommendations designed to help organizations meet their business missions while also supporting broader national security objectives. Addressing the scope and scale of the CISO’s necessary responsibilities, The Evolving Role of the CISO offers guidance to help organizations ensure that they have the power to assess and respond to all varieties of risks before they materialize. Core to this success is their integration into procurement and merger-and-acquisition processes, inclusive of budget authority, and ability to make and enforce enterprise-wide security decisions. The report also covers how CISOs should collaborate with their functional equivalents, such as peer business units and board of directors.


Aspen Digital is a nonpartisan technology and information-focused organization that brings together thinkers and doers to uncover new ideas and spark policies, processes, and procedures that empower communities and strengthen democracy. This future-focused Aspen Institute program inspires collaboration among diverse voices from industry, government, and civil society to ensure our interconnected world is accessible, safe, and inclusive – both online and off. Across its initiatives, Aspen Digital develops methods for elevating promising solutions and turning thought into networked impact. To learn more, visit or email

The Aspen Institute is a global nonprofit organization whose purpose is to ignite human potential to build understanding and create new possibilities for a better world. Founded in 1949, the Institute drives change through dialogue, leadership, and action to help solve society’s greatest challenges. It is headquartered in Washington, DC and has a campus in Aspen, Colorado, as well as an international network of partners. For more information, visit


View Comments