Chief information security officer See also References External links Navigation menu"Annual Information...
AdministrativeAnalyticsAuditBrandBusinessChannelCommercialCommunicationsComplianceContentCreativeDataDesignDigitalDiversityExecutiveExperienceFinancialHuman resourcesInformationInformation securityInnovationInvestmentKnowledgeLearningLegalMarketingMedicalMerchandisingNetworkingOperatingPrivacyProcurementProductResearchRestructuringRevenueRiskScienceSecuritySolutionsStrategySustainabilityTechnologyVisionaryWebManagerGeneral manager
Management occupationsCorporate executives
organizationinformation technologyISO/IEC 27001Chief Information OfficerChief Executive Officercorporate titleHolistic Information Security PractitionerEC-Council
A chief information security officer (CISO) is the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO directs staff in identifying, developing, implementing, and maintaining processes across the enterprise to reduce information and information technology (IT) risks. They respond to incidents, establish appropriate standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures. The CISO is also usually responsible for information-related compliance (e.g. supervises the implementation to achieve ISO/IEC 27001 certification for an entity, or a part of it).
Typically, the CISO's influence reaches the entire organization. Responsibilities may include, but not be limited to:
Computer emergency response team/computer security incident response team- Cybersecurity
Disaster recovery and business continuity management
- Identity and access management
- Information privacy
- Information regulatory compliance (e.g., US PCI DSS, FISMA, GLBA, HIPAA; UK Data Protection Act 1998; Canada PIPEDA, Europe GDPR)
- Information risk management
Information security and information assurance
Information security operations center (ISOC)
Information technology controls for financial and other systems- IT investigations, digital forensics, eDiscovery
Having a CISO or the equivalent function in the organization has become a standard in business, government, and non-profit sectors. Throughout the world, a growing number of organizations have a CISO. By 2009, approximately 85% of large organizations had a security executive, up from 56% in 2008, and 43% in 2006. In 2011, in a survey by PricewaterhouseCoopers for their Annual Information Security Survey,[1] 80% of businesses had a CISO or equivalent. About one-third of these security chiefs report to a Chief Information Officer (CIO), 35% to Chief Executive Officer (CEO), and 28% to the board of directors.
In corporations, the trend is for CISOs to have a strong balance of business acumen and technology knowledge. CISOs are often in high demand and compensation is comparable to other C-level positions who also hold a similar corporate title.
Independent organizations such as Holistic Information Security Practitioner Institute (HISPI) and EC-Council provide training, education and certification by promoting a holistic approach to Cybersecurity to Chief Information Security Officers (CISOs), Information Security Officers (ISOs), Information Security Managers, Directors of Information Security, Security Analysts, Security Engineers and Technology Risk Managers from major corporations and organizations.
See also
Information security
- Information security governance
- Information security management
- Board of Directors
- Chief data officer
- Chief executive officer
- Chief information officer
- Chief risk officer
- Chief security officer
References
^ "Annual Information Security Survey". PricewaterhouseCoopers. Retrieved 27 May 2012..mw-parser-output cite.citation{font-style:inherit}.mw-parser-output .citation q{quotes:"""""""'""'"}.mw-parser-output .citation .cs1-lock-free a{background:url("//upload.wikimedia.org/wikipedia/commons/thumb/6/65/Lock-green.svg/9px-Lock-green.svg.png")no-repeat;background-position:right .1em center}.mw-parser-output .citation .cs1-lock-limited a,.mw-parser-output .citation .cs1-lock-registration a{background:url("//upload.wikimedia.org/wikipedia/commons/thumb/d/d6/Lock-gray-alt-2.svg/9px-Lock-gray-alt-2.svg.png")no-repeat;background-position:right .1em center}.mw-parser-output .citation .cs1-lock-subscription a{background:url("//upload.wikimedia.org/wikipedia/commons/thumb/a/aa/Lock-red-alt-2.svg/9px-Lock-red-alt-2.svg.png")no-repeat;background-position:right .1em center}.mw-parser-output .cs1-subscription,.mw-parser-output .cs1-registration{color:#555}.mw-parser-output .cs1-subscription span,.mw-parser-output .cs1-registration span{border-bottom:1px dotted;cursor:help}.mw-parser-output .cs1-ws-icon a{background:url("//upload.wikimedia.org/wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/12px-Wikisource-logo.svg.png")no-repeat;background-position:right .1em center}.mw-parser-output code.cs1-code{color:inherit;background:inherit;border:inherit;padding:inherit}.mw-parser-output .cs1-hidden-error{display:none;font-size:100%}.mw-parser-output .cs1-visible-error{font-size:100%}.mw-parser-output .cs1-maint{display:none;color:#33aa33;margin-left:0.3em}.mw-parser-output .cs1-subscription,.mw-parser-output .cs1-registration,.mw-parser-output .cs1-format{font-size:95%}.mw-parser-output .cs1-kern-left,.mw-parser-output .cs1-kern-wl-left{padding-left:0.2em}.mw-parser-output .cs1-kern-right,.mw-parser-output .cs1-kern-wl-right{padding-right:0.2em}
External links
- Guidance for Chief Information Security Officers
- Cert - Organizational Security
NIST - Governance (PDF)
