In these times of unabated data breaches, the typical Chief Information Security Officer (CISO) must feel like a moving target in a shooting gallery. It’s not a matter of whether an attack and possible breach will occur, it’s a matter of when. Being a CISO is a fascinating and important job. Often, though, it’s a thankless one.

Unfortunately for CISOs, their role is one of the positions held most accountable when a data breach occurs. According to one survey, 21 percent of IT decision-makers would most likely blame a data breach on the CISO, ranking second only behind the CEO.

CISOs can – and should – take steps well in advance to mitigate the possibility of their company falling victim to a data breach. And should a breach occur, this will help them hang on to their position.

In this article, we explore some of the ways that CISOs can avoid being perceived as a mere scapegoat and suggest how they can contribute in a more meaningful way to the company’s IT security posture and even enhance the organization’s brand.

What is a CISO?

Since the CISO role has only been in existence for a decade or two, some people aren’t even sure what the CISO does. This may contribute to the casting of blame after a data breach. In short, the CISO (chief information security officer) is the senior-level executive who’s responsible for executing and overseeing the company’s cybersecurity strategy.

CISO responsibilities may include:

  • Hiring IT security staff
  • Conducting employee security awareness training
  • Developing secure business policies and practices
  • Planning for disaster recovery
  • Monitoring the IT environment for vulnerabilities and abnormal events
  • Ensuring the privacy and security of customer data
  • Identifying the most important security metrics and KPIs
  • Evaluating and purchasing security products from vendors
  • Managing responses to cybersecurity