There is a definite chasm between chief information security officers' (CISOs') priorities and their responsibilities. CISOs understand that their priorities need to align with business objectives, yet many of them remain focused on technology and operations. CISOs need to do more, incorporating business objectives into their efforts to manage information risk, achieve greater operational efficiencies, and bolster security awareness and training.