Just an interesting snippet from The Register (emphasis mine):
RSA has appointed its first chief security officer, three months after a data theft on its network contributed to the hack of the world’s biggest defense contractor, and possibly other important customers.
http://www.theregister.co.uk/2011/06/10/rsa_chief_security_officer/
I’ve been telling people for ages that having a CISO is normal good practice these days. Evidently nobody told the security industry.