Thursday, June 30, 2022

Principle of Information Security: Module 1 Introduction to Information Security (Part 9)

It takes a wide range of professionals to support a diverse information security program. Developing and executing specific security policies and procedures requires additional administrative support and technical expertise beyond the senior leadership roles described below.

The senior technology officer is typically the chief information officer (CIO), although other titles such as vice president of information, VP of information technology, and VP of systems may be used. The CIO is primarily responsible for advising the chief executive officer, president, or company owner on strategic planning that affects the management of information in the organization. The CIO translates the strategic plans of the entire organization into strategic information plans for the information systems or information technology division. Once this is accomplished, the CIO works with subordinate managers to develop tactical and operational plans for the division and to enable planning and management of the systems that support the organization.

The chief information security officer (CISO) has primary responsibility for the assessment, management, and implementation of information security in the organization. The CISO may also be referred to as the manager for IT security, the security administrator, or by a similar title. The CISO usually reports directly to the CIO, although in larger organizations one or more layers of management might exist between the two. Regardless of the reporting line, the recommendations of the CISO to the CIO should be given equal if not greater priority than other technology and information-related proposals. The most common placement of the CISO in organizational hierarchies, along with the assigned roles and responsibilities, is illustrated in Figure 1-13. Note that the placement and accountabilities of the CISO have been the subject of debate across the industry for decades.

Knowledge Check Activity 2

What title is given to the person with primary responsibility for assessment, management, and implementation of InfoSec in the organization?

A. Chief Information Officer
B. Chief Information Security Officer
C. Chief Executive Officer
D. Chief Finance Officer

The answer is B. CISO, or chief information security officer.

The CISO usually reports to the CIO. In some organizations the CISO may instead report to the CFO, but that arrangement is not common.


