What Is a CISO?

What is a CISO?

The CISO is a senior-level executive responsible for managing information security from a business perspective, as cybersecurity is increasingly being viewed as a business problem rather than an IT problem. The CISO establishes the enterprise vision, strategy, and program for protecting information assets and technologies to minimize risk to the business. In recent years the role has evolved from a pure security focus to identification and management of the organization's business and operational risks. It goes beyond architecture and technology to address risks to the business and to represent cybersecurity concerns and issues in organizational decision-making. "Modern-day CISOs should be viewed as business executives who are focused on managing business risk," rather than focused completely on technology, according to Chris Ray, the CISO of Epsilon. The CISO needs to understand the technology, but then be able to translate relevant information for use by executive management in making business decisions and managing business risk. According to Rick Doten, CISO for Digital Management Inc., "The security guy really needs to understand the business risk, because a CISO's job is not to protect IT, it's to protect the business from the IT infrastructure."

What does a CISO do?

The CISO's responsibilities have shifted in recent years "from general security to identifying, developing, implementing and maintaining security-related processes that reduce the