- Chief information security officer
-
A chief information security officer (CISO) is the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy and program to ensure information assets are adequately protected. The CISO directs staff in identifying, developing, implementing and maintaining processes across the organization to reduce information and information technology (IT) risks, respond to incidents, establish appropriate standards and controls, and direct the establishment and implementation of policies and procedures. The CISO is also usually responsible for information-related compliance.
Typically, the CISO's influence reaches the whole organization. Responsibilities include:
- Information security and information assurance
- Information regulatory compliance (e.g., US PCI DSS, FISMA, GLBA, HIPAA; UK Data Protection Act 1998; Canada PIPEDA)
- Information risk management
- Information technology controls for financial and other systems
- Information privacy
- Computer Emergency Response Team / Computer Security Incident Response Team
- Identity and access management
- Information security architecture
- IT investigations, digital forensics, eDiscovery
- Disaster recovery and business continuity management
- Information Security Operations Center ISOC
- Physical Security
Having a CISO or the equivalent function in the organization has become a standard in most business, government and non-profit sectors. Throughout the world, a growing number of organizations have a CISO. By 2009, approximately 85% of large organizations had a security executive, up from 56% in 2008, and 43% in 2006. About one-third of these security chiefs report to a Chief Information Officer (CIO), 35% to Chief Executive Officer (CEO), and 28% to the boards of directors.[citation needed]
In corporations, the trend is for CISOs to have a strong balance of business acumen and technology knowledge. CISOs are often in high demand and compensation is comparable to other C-level positions.
See also
- Information security
- Board of Directors
- Chief Information Officer
- Chief Executive Officer
- Chief Security Officer
- Chief Risk Officer
References
External links
Corporate titles Chief officers Chief accounting officer · Chief administrative officer · Chief analytics officer · Chief audit executive · Chief brand officer · Chief business officer · Chief channel officer · Chief commercial officer · Chief communications officer · Chief compliance officer · Chief creative officer · Chief data officer · Chief executive officer · Chief financial officer · Chief human resources officer · Chief information officer · Chief information security officer · Chief knowledge officer · Chief learning officer · Chief legal officer · Chief marketing officer · Chief merchandising officer · Chief networking officer · Chief operating officer · Chief procurement officer · Chief product officer · Chief risk officer · Chief science officer · Chief stores officer · Chief strategy officer · Chief technology officer · Chief visionary officer · Chief web officerOther titles Related Categories:- Management occupations
Wikimedia Foundation. 2010.
