Chief information security officer

A chief information security officer (CISO) is the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy and program to ensure information assets are adequately protected. The CISO directs staff in identifying, developing, implementing and maintaining processes across the organization to reduce information and information technology (IT) risks, respond to incidents, establish appropriate standards and controls, and direct the establishment and implementation of policies and procedures. The CISO is also usually responsible for information-related compliance.

Typically, the CISO's influence reaches the whole organization. Responsibilities include:
  • Information security and information assurance
  • Information regulatory compliance (e.g., US PCI DSS, FISMA, GLBA, HIPAA; UK Data Protection Act 1998; Canada PIPEDA)
  • Information risk management
  • Information technology controls for financial and other systems
  • Information privacy
  • Computer Emergency Response Team / Computer Security Incident Response Team
  • Identity and access management
  • Information security architecture
  • IT investigations, digital forensics, eDiscovery
  • Disaster recovery and business continuity management
  • Information Security Operations Center (ISOC)
  • Physical security

Having a CISO or the equivalent function in the organization has become a standard in most business, government and non-profit sectors. Throughout the world, a growing number of organizations have a CISO. By 2009, approximately 85% of large organizations had a security executive, up from 56% in 2008, and 43% in 2006. About one-third of these security chiefs report to a Chief Information Officer (CIO), 35% to the Chief Executive Officer (CEO), and 28% to the board of directors.

In corporations, the trend is for CISOs to have a strong balance of business acumen and technology knowledge. CISOs are often in high demand and compensation is comparable to other C-level positions.

See also

  • Information security
    • Information Security Governance
    • Information Security Management
  • Board of Directors
  • Chief Information Officer
  • Chief Executive Officer
  • Chief Security Officer
  • Chief Risk Officer

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 