Too Long; Didn't Read
The CISO is primarily responsible for the curation, development and execution of cyber security strategy and policy. The CEO on the other hand is focused on developing the strategy for business operations, resource allocation and the overall development of the business. Most organizations are setup to have the CISO report to the CEO or CFO, but very few are designed to have it reporting to the board. This is exactly the type of clear thinking that is needed for a business to thrive with an empowered CISO. The board of directors is a powerful group of individuals that are appropriately abstracted from the operations of a business.