WEEK 10 TERM PAPER
“The Rookie Chief Information Security Officer”
Terri Cooks
Professor Parker
SEC 402
June 15, 2014
Part 1: Organization Chart
When looking at the many different roles within the management of any organization’s security program there are some titles that stand out. One would be the CISO. The CISO is the executive whose responsibility is to maintain entire security backbone, both physical and digital. In an article written for the Sans Institute by Matthew Cho, “CISO Roles and Responsibilities: According to the latest information, almost sixty percent of the organizations in the United States acknowledge the existence of a CISO dedicated entirely to security (Ware). Responsibilities for these individuals include ensuring proper protection for all physical and technical aspects of the organization. Technical aspects ranging from securing communications, applications, and business systems to performing risk assessments of IT assets exposed to outsiders on the Internet. Physical aspects including non-electronic factors such as physical site access as well as drafting policies and procedures for secure daily operations. Along with overseeing the organization’s physical and technical security implementation, CISOs are also responsible for security management activities. These activities may include training others for security awareness, purchasing security products, planning for and managing disaster recovery, developing secure business and communication practices, and ensuring all policies are followed. In addition, CISOs must ensure that security breaches are not a result from any of the changes made in order to protect the organization. The following highlights some important responsibilities carried out by most CISOs.
· Act as the organization’s representative with respect to inquiries from customers, partners, and the general public regarding the organization’s security strategy.
· Act as the...