Chief information security officer

From Wikipedia, the free encyclopedia

A chief information security officer (CISO) is the senior executive responsible for information security within an organization. The responsibilities of the role vary with the needs of the enterprise but often include:[1][2]

  • security office mission and mandate development
  • security office governance
  • security policy development and management
  • security training and awareness development
  • security project portfolio development
  • supervision or management of ethical hackers

The chief information security officer often reports to the chief information officer or, in some organizations, directly to the chief executive officer.

Roles

Generally, the CISO sets security policy, the security operations function implements it, and an IT auditor independently verifies compliance with it.

A CISO is expected to continually reassess existing standards in light of changes in the threat and business environment and to update the organization's policies accordingly.

The roles and responsibilities are:

  1. Communications and relationships: the ability to communicate with all stakeholders, together with responsibility for building security awareness among the organization's staff and stakeholders.
  2. Risk and control assessment: performing risk assessments of the organization's information assets and recommending controls by weighing asset value, threat, vulnerability and cost.
  3. Threat and vulnerability management: conducting periodic vulnerability assessments of the organization's assets and analyzing logs from the various systems so that preventive measures can be initiated.
  4. Identity and access management: ensuring that processes exist for the creation and modification of user IDs, for granting access privileges, and for deleting user IDs when they are no longer needed, and conducting reviews to confirm that access privileges are granted on a need-to-know basis.
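The access review described in item 4, as an added example that is not part of the Wikipedia article: a Python script that reconciles an account export against an HR roster (to find accounts the deletion process missed) and against a per-role need-to-know baseline (to find privileges beyond what the owner's role requires). The employees, roles, accounts and entitlement names are all constructed for illustration and do not refer to any real system.

```python
"""Access review: reconcile accounts against an HR roster and a need-to-know
baseline. Added example; every record below is constructed for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Employee:
    emp_id: str
    role: str
    active: bool          # False once HR records the person as a leaver


@dataclass(frozen=True)
class Account:
    user_id: str
    owner: str            # emp_id the account is assigned to
    entitlements: frozenset


# Constructed HR roster (hypothetical people and roles).
ROSTER = {
    "E100": Employee("E100", "payroll-clerk", True),
    "E101": Employee("E101", "developer", True),
    "E102": Employee("E102", "developer", False),   # has left the company
}

# Constructed need-to-know baseline: the entitlements each role requires.
BASELINE = {
    "payroll-clerk": frozenset({"hr-portal:read", "payroll:submit"}),
    "developer": frozenset({"git:push", "ci:trigger", "staging:deploy"}),
}

# Constructed account export, as an IAM system might list it.
ACCOUNTS = [
    # submit and approve on one account is both excess and a segregation-of-duties issue
    Account("jdoe", "E100", frozenset({"hr-portal:read", "payroll:submit", "payroll:approve"})),
    Account("asmith", "E101", frozenset({"git:push", "ci:trigger"})),
    Account("bjones", "E102", frozenset({"git:push", "prod:deploy"})),
    Account("svc-backup", "E999", frozenset({"prod:read"})),   # owner unknown to HR
]


def find_orphaned_accounts(accounts, roster):
    """Accounts whose owner is unknown or no longer active: the deletion
    (leaver) step of the user-ID lifecycle did not happen."""
    return sorted(a.user_id for a in accounts
                  if a.owner not in roster or not roster[a.owner].active)


def find_excess_entitlements(accounts, roster, baseline):
    """Entitlements beyond what the owner's role needs (need-to-know violations).
    Only active owners are checked here; orphaned accounts are reported separately."""
    findings = {}
    for a in accounts:
        emp = roster.get(a.owner)
        if emp is None or not emp.active:
            continue
        allowed = baseline.get(emp.role, frozenset())
        excess = a.entitlements - allowed
        if excess:
            findings[a.user_id] = sorted(excess)
    return findings


def access_review(accounts=ACCOUNTS, roster=ROSTER, baseline=BASELINE):
    """Run both checks and return the findings as one report."""
    return {
        "orphaned_accounts": find_orphaned_accounts(accounts, roster),
        "excess_entitlements": find_excess_entitlements(accounts, roster, baseline),
    }


if __name__ == "__main__":
    for section, items in access_review().items():
        print(f"{section}: {items}")
```

On this data the review flags `bjones` (owner has left) and `svc-backup` (owner not in HR) as orphaned, and `jdoe` for holding `payroll:approve` beyond the payroll-clerk baseline. In practice the roster and account export would come from the HR system and the identity provider, and the baseline would be maintained by the role owners, so that each review cycle compares the same three sources.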

See also

  • Information Security Governance
  • Information Security Management