Assuming a consistent pattern of titles in companies that have a Chief Executive Officer (CEO) and Chief Information Officer (CIO), the Chief Security Officer (CSO) is the person responsible for the security of a company's communications and other business systems, especially those now exposed to intrusion from outsiders on the Internet. The CSO may also have a role, together with the CIO, in planning for and managing disaster recovery. The CSO is likely to be involved in both the business (including people) and technical aspects of security.
CSO responsibilities may include training others for security awareness, developing secure business and communication practices, purchasing security products, and ensuring that security practices are being followed. Depending on the size of a company and the perceived importance of security, a CSO may report to the Chief Information Officer or the Chief Technology Officer or, less frequently, report directly to the CEO. In companies without a CSO, the security responsibilities are usually held by the CIO or the CTO.
As of October 2002, at least 200 companies were reported to have a CSO. Ed Hurley of SearchSecurity.com reports these other names for the CSO:
- Chief Security Architect
- Chief Information Security Officer
- Security Manager
- Corporate Security Officer
- Information Security Manager