Management guide for CISOs: responsibilities, strategies and best practices
Chief Information Security Officer (CISO) is a role that is becoming prevalent in a variety of companies that have sophisticated cybersecurity protocols. A CISO is responsible for internal and external risk management for IT and beyond. In this guide, we’ll focus on what a CISO does, including risk management functions and best practices for a CISO to be successful in addressing risk.
The multiple areas of risk CISOs must manage
The origins of the Chief Information Security Officer title date back to the mid-90s, when Citigroup hired Steve Katz for the role to deal with the new world of security and information. This came in response to a series of cyberattacks from a Russian hacker. Nowadays cybersecurity is, of course, one of the biggest concerns that any company has when it comes to the safety of its data.
The duties of a CISO vary by company and industry. Simply put, the CISO is the top cybersecurity executive. Regulations and compliance can also impact the CISO’s role.
According to research by CNBC, there are at least seven areas of focus for a CISO:
- Security operations: This includes the real-time evaluation of threats, looking specifically at points of possible breach such as firewalls, entry points and databases. If a breach or attack occurs, the problem needs to be analyzed and resolved.
- Cyber-risk and cyber intelligence: This area includes understanding emerging risks in the cyberworld as well as collecting intelligence about companies or products that could affect a business’s risk appetite.
- Data loss and fraud protection: Proper tools need to be in place to monitor the flow of information internally and to external parties. The objective is to prevent, or be immediately aware of, anyone emailing sensitive data or attempting to steal intellectual property.
- Security architecture: A CISO needs to be (Read more...)
This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Beth Osborne. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/_4jTqmb_nYY/