Chief information security officer
From Wikipedia, the free encyclopedia
A chief information security officer (CISO) is a senior role that focuses on information security within an organization. The job's responsibilities vary depending on the needs of the enterprise but often include responsibility for:[1][2]
- security office mission and mandate development
- security office governance
- security policy development and management
- security training and awareness development
- security project portfolio development
- supervision or management of ethical hackers
The chief information security officer often reports to the chief information officer or even directly to the chief executive officer.
Roles
The roles and responsibilities of the CISO have yet to crystallize. Generally, the CISO of an organization is the policy maker, with security operations acting as the implementer and IT audit as the party that verifies compliance.
The CISO is mandated to continuously question the existing standards in light of changes in the environment and to make suitable changes to the organization's policies.
Gartner Group defines the roles and responsibilities of the CISO as:[3]
- Communications and relationships: the CISO is expected to communicate with all stakeholders. Further, the CISO has the responsibility of creating security awareness among the organization's staff and stakeholders.
- Risk and control assessment: the CISO is required to perform risk assessments of the organization's information assets and is expected to recommend controls by weighing asset value against threat, vulnerability and cost.
- Threat and vulnerability management: the security officer is required to conduct periodic vulnerability assessments of the company's assets. Further, the CISO is expected to analyze the logs of the various systems in order to initiate preventive measures.
- Identity and access management: ensure that processes exist in the organization for the creation, modification, assignment of access privileges and deletion of user IDs. Conduct reviews to assess that access privileges are granted on a need-to-know basis.
Notes and references