1 Introduction

1.1 The Role of the Chief Information Security Officer

Most organizations have realized the need for a senior position that is accountable for information security. While the job description and even the placement within the organization will differ in each industry and each organization, a familiar set of responsibilities is typically associated with this role. These responsibilities include:

  • Establishing information security program strategy: The CISO identifies the business cyber threats, industry and customer requirements, business drivers, information security requirements, framework upon which to build the information security program, and the people, process, and technology in which to assemble ...

Get The Security Risk Assessment Handbook, 3rd Edition now with the O’Reilly learning platform.