In these times of unabated data breaches, the typical Chief Information Security Officer (CISO) must feel like a moving target in a shooting gallery. It’s not a matter of whether an attack and possible breach will occur, it’s a matter of when. Being a CISO is a fascinating and important job. Often, though, it’s a thankless one.
Unfortunately for CISOs, their role is one of the positions held most accountable when a data breach occurs. According to one survey, 21 percent of IT decision-makers would most likely blame a data breach on the CISO, ranking second only behind the CEO.
CISOs can – and should – take steps well in advance to mitigate the possibility of their company falling victim to a data breach. And should a breach occur, this will help them hang on to their position.
In this article, we explore some of the ways that CISOs can avoid being perceived as a mere scapegoat and suggest how they can contribute in a more meaningful way to the company’s IT security posture and even enhance the organization’s brand.
What is a CISO?
Since the CISO role has only been in existence for a decade or two, some people aren’t even sure what the CISO does. This may contribute to the casting of blame after a data breach. In short, the CISO (chief information security officer) is the senior-level executive who’s responsible for executing and overseeing the company’s cybersecurity strategy.
CISO responsibilities may include:
- Hiring IT security staff
- Conducting employee security awareness training
- Developing secure business policies and practices
- Planning for disaster recovery
- Monitoring the IT environment for vulnerabilities and abnormal events
- Ensuring the privacy and security of customer data
- Identifying the most important security metrics and KPIs
- Evaluating and purchasing security products from vendors
- Managing responses to cybersecurity (Read more...)
This is a Security Bloggers Network syndicated blog post authored by Tripwire Guest Authors. Read the original post at: The State of Security