Cybersecurity ethics and CIO/CISO conflict of interest

CIO/CISO conflict of interest scenario...

The CIO tries to coerce the CISO (who reports to the CIO) to use their incident reporting process to censure and intimidate another department's senior staff -- by misrepresenting a minor issue that wouldn't normally meet the reporting threshold.

​

How would you describe the ethical boundary being crossed? How should the CISO respond?

amp cio ciso coerce conflict conflict of interest cybersecurity department ethics incident incident reporting interest issue process reporting reports respond scenario staff