The CISO role in many enterprises is expanding beyond security risk mitigation to risk management, privacy and regulations, and compliance.
"If you have worked in information security for the past 15 years, you have witnessed a maturation in the mission of security that is quite remarkable. In its infancy, security was oftentimes viewed as the troglodytes at the end of the corridor, who focused on analyzing packet streams, firewall logs and anti-virus anomalies...
Fast forward to the current day, and you will see a new view of security in many enterprises: security is evolving towards a broader focus in risk management. The responsibility of traditional information security has not decreased in importance or duty, but the mindset and role has certainly become more risk-based in nature for security leaders and many current CISOs. And this is appropriate, as information security management at its core is the mitigation, transference, reduction and elimination of risk to the enterprise."
Via Higher Ed InfoSec Council