Chief information security officer
A chief information security officer (CISO) is the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy and program to ensure information assets are adequately protected. The CISO directs staff in identifying, developing, implementing and maintaining processes across the organization to reduce information and information technology (IT) risks, respond to incidents, establish appropriate standards and controls, and direct the establishment and implementation of policies and procedures. The CISO is also usually responsible for information-related compliance.

Typically, the CISO's influence reaches the whole organization. Responsibilities include:
- Information security and information assurance
- Information regulatory compliance (e.g., US PCI DSS, FISMA, GLBA, HIPAA; UK Data Protection Act 1998; Canada PIPEDA)
- Information risk management
- Information technology controls for financial and other systems
- Information privacy
- Computer Emergency Response Team / Computer Security Incident Response Team
- Identity and access management
- Information security architecture
- IT investigations, digital forensics, eDiscovery
- Disaster recovery and business continuity management
- Information Security Operations Center (ISOC)
- Physical security
Having a CISO or the equivalent function in the organization has become a standard in most business, government and non-profit sectors. Throughout the world, a growing number of organizations have a CISO. By 2009, approximately 85% of large organizations had a security executive, up from 56% in 2008, and 43% in 2006. About one-third of these security chiefs report to a Chief Information Officer (CIO), 35% to the Chief Executive Officer (CEO), and 28% to the board of directors.
In corporations, the trend is for CISOs to have a strong balance of business acumen and technology knowledge. CISOs are often in high demand and compensation is comparable to other C-level positions.
See also
- Information security
- Information Security Governance
- Information Security Management
- Board of Directors
- Chief Information Officer
- Chief Executive Officer
- Chief Security Officer
- Chief Risk Officer