Chief Information Security Officer, The senior executive officer is regarded as a Chief Information Security Officer (CISO) who is responsible for establishing and maintaining the enterprise strategy, vision and program to make sure that the information technologies and assets are duly protected. The CISO leads stage in developing, identifying, implementing and maintaining processes within the organization to reduce the information and information technology risks and threats. The CISO respond to incidents, manage security technologies establish appropriate standards and controls, and direct the establishment and implementation of procedures and policies. They are generally associated with information related issues. His influence generally reaches to the whole organization.
His/Her responsibilities include:
Computer Emergency Response Team / Computer Security Incident Response Team
Identity and access management
Disaster recovery and business continuity management
Information regulatory compliance (e.g.PCI US DSS, FISMA,HIPAA, GLBA; Canada PIPEDA; UK Data Protection Act 1998)
Information security and information assurance
Information risk management
Information technology controls for financial and other systems
Information Security Operations Center ISOC
IT investigations, digital forensics, e Discovery
It has become a standard in business, non-profit sectors and government ho have a CISO or the equivalent function. Huge no of organizations throughout the world have a CISO. Approximately 85% of large organizations had a security executive by 2009, up from 56% in 2008 and 43% in 2006. In a survey by Price water house Coopers for their Annual Information Security Survey in 2011, 80% of businesses had a CISO or equivalent function. About one-third of these security chiefs report to a Chief Information Officer (CIO), 28% to the board of directors and 35% to Chief Executive Officer (CEO).