The IT Law Wiki

Definitions

A chief information security officer (CISO)

[e]stablishes, implements, and monitors the development and subsequent enforcement of the organization’s information security program.[1]
is an organizational official responsible for serving as the primary liaison for the CIO to the IT and ICS owners, common control providers, and information system security officers. The chief information security officer (1) possesses professional qualifications, including training and experience, required to administer the cybersecurity program functions; (2) maintains cybersecurity duties as a primary responsibility; and (3) heads an office with the mission and resources to assist the organization in achieving more secure information and IT and ICS. The chief information security officer or supporting staff members may also serve as authorizing official designated representatives or security control assessors.[2]

Overview

A chief information security officer is the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy and program to ensure information assets are adequately protected. The CISO directs staff in identifying, developing, implementing and maintaining processes across the organization to reduce information and information technology (IT) risks, respond to incidents, establish appropriate standards and controls, and direct the establishment and implementation of policies and procedures. The CISO is also usually responsible for information-related compliance.

References

See also

This page uses Creative Commons Licensed content from Wikipedia.