What is a CISO?
A CISO (chief information security officer) is a senior-level executive who establishes and executes a security program to ensure that a company's information and technologies are protected from both internal and external threats.
The CISO may also work alongside the CIO (chief information officer) to stay current with cybersecurity products and services.
What does a CISO do?
Throughout the world, a growing number of organizations in business, government, and non-profit sectors have a CISO on board. These executives are in high demand, as they have a strong balance of both business acumen and technology knowledge.
The CISO's role has evolved from focusing solely on implementing and managing security control technology to a consultative one centred on business processes and risk management.
A CISO is an enterprise risk management executive who identifies, develops, implements, oversees, and maintains a company's information security program. This includes setting out the policies and procedures that protect the company's communications, systems and assets from information technology risks and threats.
A CISO's job is to protect shareholder value by safeguarding the company's market share, revenue and brand. To win management support for security, they need to show how they have prioritized, modeled and priced risk.
For each new project, they need to identify, analyze and evaluate the risks, measure the cost of securing the services and present viable options. This information helps decide how to allocate resources and also demonstrates the CISO's value to the company.
It is important for CISOs to prioritize what matters most to the company and what generates the most revenue, then apply security proportionate to those assets. They need to be able to develop a strategy for the overall security architecture and delegate the technical responsibilities, while still providing guidance and oversight.
A CISO's responsibilities may include:
- responding to incidents
- establishing appropriate standards and controls
- managing security technologies
- establishing and implementing policies and procedures
- establishing compliance requirements for information handling
- anticipating new threats
- working to prevent threats from occurring
- working with other executives to ensure security controls are effective
- conducting employee security awareness training
- developing secure business and communication practices
- identifying security objectives and metrics
- choosing and purchasing security products from vendors
- ensuring the company complies with applicable regulations
- enforcing adherence to security practices
- ensuring the company protects the privacy of the data it holds
- managing the Security Incident Response Team
- conducting electronic discovery and digital forensic investigations
What is the workplace of a CISO like?
The CISO typically works with other C-level executives and is aligned with the company's corporate strategy. They report progress and challenges, and receive corporate support should a security event occur.
CISOs are also known as:
- Chief Information Security Officer
- Chief Security Architect
- Corporate Security Officer
- Chief Security Officer
- Information Security Officer
- Global Head of Information Security