Access your Pro+ Content below.
Chief information security officer skills go beyond customary technical roles
This article is part of the Dec. 2012/Volume 14 / No. 10 issue of Information Security magazine
Recently, I was asked to consider the question, “Do CISOs need to be techies at heart?” Having become a CISO after a history of technical roles, I could see why one might think the answer was a very clear “yes,” and yet I feel very strongly that the answer is “no.” A CISO should be able to rely on a solid team to handle the “techie” stuff; if a CISO spends too much time in the weeds, he will miss the broader picture. Especially in a small- to medium-sized business, a CISO needs to be much more than just a techie—really, a good CISO should be a jack-of-all-trades, and nearly a master of most. Information is the heart of any business, so a CISO is very nearly the same as the chief risk officer, especially at a smaller firm. A good CISO needs to understand the risks to the organization beyond the traditional IT risks, and be able to articulate how the IT controls fit within the framework of the business. He needs to be a good executive, and be able to weigh the risks of business objectives vs. IT controls to help the company make ...
Features in this issue
System that helps law enforcement track down fugitives was tested thoroughly to prove to CTOs and IT teams that the company is serious about security.
Exploitable vulnerabilities are becoming harder to find in popular software, but information on such flaws is increasingly valuable, and many security researchers are no longer willing to give it up for free.
Information Security magazine discussed critical infrastructure protection with three experts and explore whether any near-term solutions can be implemented to bolster network defenses.
Biometric authentication helps ensure only authorized smartphone users can access a network. David Jacobs weighs the pros and cons of three methods.
Columns in this issue
Information Security Magazine examines key security concerns in the field of critical infrastructure protection and explores options for mobile biometric authentication because you’ll need to think about a new security strategy as mobile devices outnumber desktops in the enterprise.
A trusted advisor and a strong communicator and promoter, a good CISO should be a jack-of-all-trades to rally the IT security team to support the business needs by minimizing risk.
Security expert and Information Security magazine columnist goes one-on-one with Aaron Turner, co-founder of security consulting firm N4Struct.