Chief Information Security Officer within the organization

In an organization, there will be a lot of Cybersecurity leader level and Chief Information Security Officer or also known as CISO can be considered as one of them. For this post, I would like to share the Best Criteria that CISO should require while working in an organization.

CISO’s job scope in the organization would responsible for any information, Security compliance, and data security that have been implemented within the organization. The CISO roles in the past might has been narrowly only for a certain scope while it have been expansive role and interchangeable with the current CSO and VP of Security within the organization.

The responsibilities of CISO can be listed as follows:

  • Security Operations
  • Cybersecurity risk and cyber intelligence
  • Data Loss and Fraud prevention
  • Security architecture
  • Identity access management (IAM)
  • Governance

Source: Three Keys to CISO Success

CISO certification requirement should be as the following:

  1. CISSP
  2. CISM
  3. C|CISO

Source:ISACA CISM Certification Holders Give Advice to Professionals Considering Certification

Source :Tying Information Security Compliance to Risk Management

The best criteria of CISO requirement is listed as follows:

  • CISO and team should be able to aware of what they should be protected within the organization such as business values, sensitive financial data, or customer data. In order words, they will need to protect the organization’s crown jewels with all cost
  • Everyone should have experienced failure at least once before but what matters is how people accept and learn from the same mistake so that they will not making the same mistake twice.
  • CISO will priority as a business-minded leader rather than a security-minded leader where they will decide in business objectives and should be knowledgeable with the language of business.
  • CISO’s job scope would be to prioritize the security’s basic and run a test regularly in order to ensure that the system is been secure and work as the system should be doing. Some of the organizations out there still take seriously the security basics that been implemented within the organization’s system.

Reference: 5 traits all the best CISOs have

Author: Wan Ariff

He brings with him working experience in Information Security filed which specializing in Penetration Testing and Digital Forensic. His passion is more to IT Security

Leave a Reply

Your email address will not be published. Required fields are marked *