A few days ago I was preparing an introduction to the role and characteristics of the CISO for a good friend and I think that for its "generality" it may be interesting to include it here as a series. As always, comments welcome.

The CISO (Chief Information Security Officer) is the senior executive within an organization responsible for establishing and maintaining the business vision, strategy, and program to ensure that information assets are adequately protected.
The CISO leads staff in identifying, developing, implementing, and maintaining processes across the organization to reduce information and information technology (IT) risks, as well as responding to incidents, establishing appropriate standards and controls, and leading in the establishment and implementation of policies and procedures. The CISO is generally responsible for compliance related to information security.
Responsibilities and Functions
Safeguard company assets, intellectual property, regulatory compliance and computer systems.
Identify protection objectives, goals and metrics in line with the corporate strategic plan.
Manage the development and implementation of the global security policy, standards, guidelines and procedures to ensure the continuous maintenance of information security and asset protection.
Define the network security architecture, network access and monitoring policies.
Define security strategies and position the security function within the organization so that security objectives support the achievement of the organization's objectives.
Educate and raise awareness among employees.
Build a culture of security awareness throughout the organization, highlighting the value it brings. The entire organization must understand the purpose of security.
Work with other executives to prioritize security initiatives and spending based on an appropriate risk management and/or financial methodology.
Develop and implement a security management system that identifies and responds to new risks in the organization.
Be in charge of incident response planning, as well as security breach investigation, and assist with disciplinary and legal issues related to breaches as necessary.
Work with external consultants as appropriate for independent security audits.
Direct and continuously supervise the activities of the unit in order to establish continuous improvement measures.
Formulate and conduct the process of strategic planning in information and communication technologies.
Develop the annual operational plan of the security area.
Formulate the annual budget of the unit and evaluate its execution.
Formulate and direct the preparation of management regulations that organize and improve the actions to be carried out by the other areas.
Direct the development of usage policies and regulations and the development of services.
Establish, review, approve and keep updated, together with the Security Committee, the organization's Security Policy and the general responsibilities for information security in each area of the organization.
Approve the main initiatives to increase the level of information security.
Monitor significant changes in the exposure of information resources to the most important threats.
Monitor security-related incidents.
Ensure that security is part of the information planning process and a business requirement.
Evaluate the relevance of, and coordinate the implementation of, specific information security controls for new systems or services.

The next day, the Attributes of a CISO...

Author: Samuel Linares
Source: InfoSecMan Blog