Re: CISO on its own?
For a bank, risk/security is very much a field in its own...
Contrast this with retail where the main thrust of "security" is to reduce shrinkage (vanishing inventory). I caught the facility security manager installing malware infested freeware on her computer on a regular basis. I could not get her to understand that her machine was connected to every other one on the network, including and especially those the company used to generate profits.
Biting the hand that feeds IT
