Chief information security officer

A Chief Information Security Officer (CISO) is the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy and program to ensure information assets and technologies are adequately protected. The CISO directs staff in identifying, developing, implementing and maintaining processes across the organization to reduce information and information technology (IT) risks. They respond to incidents, establish appropriate standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures. The CISO is also usually responsible for information-related compliance.

Typically, the CISO's influence reaches the whole organization. Responsibilities include:

Computer Emergency Response Team / Computer Security Incident Response Team
Cybersecurity
Disaster recovery and business continuity management
Identity and access management
Information privacy
Information regulatory compliance (e.g., US PCI DSS, FISMA, GLBA, HIPAA; UK Data Protection Act 1998; Canada PIPEDA)
Information risk management
Information security and information assurance
Information Security Operations Center ISOC
Information technology controls for financial and other systems
IT investigations, digital forensics, eDiscovery
Security Architecture

Having a CISO or the equivalent function in the organization has become a standard in business, government and non-profit sectors. Throughout the world, a growing number of organizations have a CISO. By 2009, approximately 85% of large organizations had a security executive, up from 56% in 2008, and 43% in 2006. In 2011, in a survey by PricewaterhouseCoopers for their Annual Information Security Survey,^[1] 80% of businesses had a CISO or equivalent. About one-third of these security chiefs report to a Chief Information Officer (CIO), 35% to Chief Executive Officer (CEO), and 28% to the board of directors.

In corporations, the trend is for CISOs to have a strong balance of business acumen and technology knowledge. CISOs are often in high demand and compensation is comparable to other C-level positions who also hold a similar Corporate title.

References

↑ Lua error in package.lua at line 80: module 'strict' not found.

External links

[1] Lua error in package.lua at line 80: module 'strict' not found.

[1]

v t e Corporate titles
Chief officers	Administrative Analytics Audit Brand Business Channel Commercial Communications Compliance Content Creative Data Design Digital Executive (CEO) Experience Financial Human resources Information Information security Innovation Investment Knowledge Learning Legal Marketing Medical Networking Operating Procurement Product Research Restructuring Revenue Risk Science Strategy Sustainability Technology Visionary Web
Other titles	Chairman President Creative director Development director Executive director General counsel Non-executive director Manager Supervisor Team leader
Related topics	Board of directors Corporate governance Executive pay Senior management Supervisory board Talent management

Chief information security officer

See also

References

External links

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools