Enterprises need to embrace top-down cybersecurity management

This article (by a CSO) argues that top-down management is an effective strategy for cybersecurity, in which the business objectives are prioritized. The processes required to achieve those objectives should then be engineered around the objectives. However, in order for the CISO to achieve this, it takes careful planning. The CISO cannot stretch his/her time to monitor assets across the extended enterprise, but rather should focus on critical information infrastructure.