The Chief Information Security Officer

The Chief Information Security Officer: Insights, tools and survival skills

BARRY L. KOUNS
JAKE KOUNS
Copyright Date: 2011
Published by: IT Governance Publishing
Pages: 71
https://www.jstor.org/stable/j.ctt5hh45r
    Book Description:

    The CISO has overall responsibility for corporate security strategy, but today’s CISO has to be in the business of managing information, not just securing it. The successful CISO needs to have excellent communication and presentation skills, and to demonstrate keen business acumen. The serious and ever-changing nature of today’s security threats demands a strategic-minded response, and a successful CISO will always be thinking about how to gain business objectives through enabling technology while properly managing risk. This pocket guide emphasises the importance of a suitable information security management system (ISMS) and the risk management methodology that should be at its heart.

    eISBN: 978-1-84928-183-6
    Subjects: Technology

Table of Contents

  1. Front Matter
    (pp. 1-4)
  2. FOREWORD
    (pp. 5-5)

    Welcome to The Chief Information Security Officer: Insights, tools and survival skills. This book challenges security professionals to recognize that the serious and ever-changing nature of today’s security threats demands a strategic-minded response and not just an operational reaction to the latest headlines. It poses the premise that it’s time for CISOs to transition from being a security coordinator to being an evangelist for risk management who is also a technology innovator and a trusted adviser to senior management.

    The goal of this book is to challenge and guide information security professionals to think about information security and risk management...

  3. WHO SHOULD READ THIS BOOK
    (pp. 6-6)
  4. ABOUT THE AUTHORS
    (pp. 7-8)
  5. ACKNOWLEDGEMENTS
    (pp. 8-8)
  6. Table of Contents
    (pp. 9-10)
  7. INTRODUCTION
    (pp. 11-13)

    This book is divided into eight chapters designed to introduce you to the CISO position by discussing the tools used by the most effective CISOs and how current CISOs can grow with the challenges of the position. A brief description of each chapter follows:

    Chapter 1 The nature of the CISO role: The CISO is bombarded with new issues on a daily basis, making it one of the most challenging positions in organizations today. CISOs find themselves held responsible for the protection of the organization’s information, but often reporting to the CIO who is rewarded for making the organization’s information...

  8. CHAPTER 1: THE NATURE OF THE CISO ROLE
    (pp. 14-18)

    Chief Information Security Officers (CISOs) are bombarded with new challenges every day. In fact, the challenges that demand the CISO’s daily focus change so fast it makes little sense to list them here since they will be replaced with others tomorrow. Instead, let’s take a look at the very nature of the role and why it may well be one of the most unique and challenging in organizations today.

    Information security and the role of the CISO has for far too long been about implementing the latest security technology. Yes, technology plays a large role in businesses today, but identifying...

  9. CHAPTER 2: THE TRADITIONAL CISO JOB DESCRIPTION
    (pp. 19-22)

    The position and title Chief Information Security Officer (CISO) refers to the individual in an organization with an exclusive information security focus. The CISO is the individual responsible for overseeing the overall corporate security strategy, security architecture and security function. The scope of the role traditionally covers all implemented security technologies and services, including security applications, perimeter defenses, physical and logical access control, and access management for all employees, contractors and visitors. As the company’s dedicated information security officer, this role also has enterprise-level responsibility for all data/information security policies, standards, evaluations, audits and corporate security awareness programs.

    The CISO...

  10. CHAPTER 3: THE CHANGING CISO ROLE
    (pp. 23-26)

    The experience and skills that made yesterday’s Chief Information Security Officer successful will no longer meet today’s organizational needs. While still very much a technologist, today’s CISO must have excellent communication and presentation skills, be able to understand everything as a process and demonstrate keen business acumen. Today’s successful CISO will be able to relate the adoption of new technology with the legal, regulatory and business objectives in a way management can use when making decisions about resource allocations and risk management.

    While today’s CISO must stay abreast of the latest in security technology, the position requirements go far beyond...

  11. CHAPTER 4: THE NEW CISO’S TOOLBOX
    (pp. 27-34)

    According to Cisco’s CSO, John Stewart, “the number and quality of security professionals being educated in the nation’s universities (USA) increased in recent years, but there’s still a shortage.”⁶ Yet in spite of this somewhat encouraging news, there appears to be a chasm between C-level managers’ expectations and reality with regard to the security professional’s ability to not only understand and align with business objectives but to actively participate in achieving those objectives.

    To narrow the chasm between expectations and reality, today’s CISO cannot remain just a master technician, but needs to develop the skills of a leader, facilitator, communicator...

  12. CHAPTER 5: RISK MANAGEMENT
    (pp. 35-44)

    This chapter is about the heart of any Information Security Management System; the risk management methodology. The methodology used to identify, analyze, evaluate and treat risks is foundational to any ISMS, and sets the stage for identifying and appropriately protecting the organization’s assets.

    Before we begin, what would you say is the definition of risk? Most security professionals would quote something like this:

    1. Risk is the impact to an asset considering the probability that a particular threat will exploit a particular information system vulnerability.

    2. Risk is the potential that a given threat will exploit vulnerabilities to cause loss...

  13. CHAPTER 6: THE INFORMATION SECURITY MANAGEMENT SYSTEM
    (pp. 45-52)

    In spite of the views of many CISOs, securing an organization’s information assets has never really been just about implementing technical security controls. The role of the traditional CISO within the typical IT department can play only a small part in solving the information security challenge. Implementing technical security controls defined by the CISO is only a part of the larger issue of risk management. Today’s CISO needs to adopt, promote and lead the implementation of an Information Security Management System designed to protect the organization’s information assets and ensure the life and health of the business. The International Standard,...

  14. CHAPTER 7: CISO SURVIVAL
    (pp. 53-62)

    Chief Information Security Officers (CISOs) are bombarded with new challenges every day. In a single week, a CISO can be called upon to recommend security applications, build security awareness, be a risk manager, be a consultant to management, lead incident response, be an advocate for business innovation, be a strategic thinker, and establish and support top management security champions.

    The role of CISO includes developing, articulating and delivering an IT security and risk management strategy that is aligned with business objectives. The scope of the role is wide and includes technology deployment, strategy and communications, risk management, security operations, investigations/incident...

  15. CHAPTER 8: SUMMARY – YOU BECOME WHAT YOU THINK ABOUT
    (pp. 63-68)

    The concept is far from new; its truth is self-evident and it has never been more relevant. A more recent rendition of the concept is from a renowned author and speaker, Mr Earl Nightingale, who says, “You Become What You Think About.” If this is the first time you have heard this phrase, let it sink in a little while. It may not change your life in some lightning-strike way, but if you give it a chance you will begin to recognize that you are surely becoming what you find yourself thinking about. Making a conscious effort to think about...

  16. ITG RESOURCES
    (pp. 69-71)