The Chief Information Security Officer (CISO) is the C-level executive in charge of information security and responsible for all procedures and policies designed to protect enterprise communications, systems and assets from both internal and external threats.
The CISO is tasked with anticipating new threats and actively working to prevent them. They must work with other executives across different departments to ensure that security systems are working smoothly while reducing the organization’s operational risks in the face of a security attack.
The CISO’s duties often include:
• Conducting Employee Security Awareness Training
• Developing Secure Business And Communication Practices
• Identifying Security Objectives And Metrics
• Choosing And Purchasing Security Products From Vendors
• Ensuring That The Company Is In Regulatory Compliance With The Rules From Relevant Bodies
• Enforcing Adherence To Security Practices
• Ensuring That The Company’s Data Privacy Is Secure
• Managing The Computer Security Incident Response Team
To perform the above duties successfully, a CISO should have:
• The ability to lead and manage employees
• A strong understanding of information technology and security
• The ability to communicate complicated security concepts to technical and non-technical employees
• Experience with risk management and auditing
FAQs about CISOs
• What is the single most important thing CISOs should be focusing on today?
The CISO is responsible for three primary areas, viz.
i) awareness;
ii) the maturity of the security team;
iii) communication with the team and the C-level.
• What is the biggest challenge for CISOs today?
The biggest challenge is articulating the risk profile to the key stakeholders. The CISO needs to keep up with the “nexus of forces”, viz. mobile, social, cloud, big data and analytics.
• What sort of experience and skills does a CISO need to have?
The CISO needs to have excellent communications skills, augmented by a healthy mix of experience, an ability to see the big picture and in-depth knowledge of the security domain.
• What is the difference between a CISO and a CRO?
The CRO engages in risk qualification and governance while the functions of the CISO involve the qualitative aspects of most of the operations and management.
• Are CISOs influencers, protectors or responders in the enterprise?
The CISO should wear the hats of both the influencer and protector, and the role of responder should be delegated to members of the CISO team.
A study reveals that India ranks 4th in online security breaches, accounting for over 5% of global threat detections. In 2016 India saw a resurgence of email as an attack channel, combined with ransomware and areas such as the Internet of Things (IoT) being exposed to cyber-security breaches.
Consequently, companies in India are investing more to reduce cybersecurity risks and improve business performance, with a 71% increase in cybersecurity budgets. Moreover, an increasing number of organizations are now adopting cloud-based security models to manage cyber threats.
Finally, organizations across industries have realized the need to institutionalize the Office of the Chief Information Security Officer. In several organizations the CISO leads the security office and reports to the CEO and the Risk Committee of the Board.