Chief information security officer

A chief information security officer (CISO) is a senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO directs staff in identifying, developing, implementing, and maintaining processes across the enterprise to reduce information and information technology (IT) risks, manages information security technologies, implements policies, and ensures compliance with regulatory frameworks such as GDPR, PCI DSS and FISMA. The CISO is also usually responsible for information-related compliance (e.g. supervising the implementation needed to achieve ISO/IEC 27001 certification for an entity or a part of it). The CISO is also responsible for protecting the proprietary information and assets of the company, including the data of clients and consumers. A CISO may report to a chief information officer (CIO) or directly to a chief executive officer (CEO).

Having a CISO or an equivalent function has become standard practice in business, government, and non-profit organizations. CISOs are often in high demand, and compensation is comparable to other C-level positions that also hold a similar corporate title.