kritchanut - Fotolia
The role of the CISO is to provide the overarching security roadmap for the organization, and securing the network is a vital part of that. The network creates the foundation for all applications and data managed by the company's IT department, making it the primary target for where security prevention tools are implemented.
A CISO must understand how the business plans to utilize the data network. With this understanding, the CISO can create a security framework that enables the business to perform the tasks needed with the lowest amount of risk. While the CISO does not implement the actual network security technologies outlined in the framework, a previous technical background in IT networking or network implementation only benefits the security program.
The role of a CISO requires certain soft skills in order to help relay security policies and information to the organization's employees, contractors and more. Communication skills benefit security leaders with these types of responsibilities. For example, CISOs must often communicate the importance of data security and how to implement these data security processes to company executives that lack a technical background.
The CISO must be able to present understandable facts as to what can and cannot be accomplished on production networks today. This requires the CISO to have a solid understanding of the overall business needs and how they relate to the IT network and its associated infrastructure. A huge part of the role of the CISO is to ensure the protection of digital assets. Because the network is almost always a part of any IT-related project, the CISO must constantly explain the workings of network security to executive-level peers and stakeholders. The CISO must be kept in the loop when there are any major additions or changes to the network in order to establish processes to secure these updates.
Lastly, the role of a CISO requires helping navigate the various compliance laws that are applicable to the company's industry vertical. Depending on the compliance regulations in play, network security teams must adapt to comply with those laws, especially when sensitive customer, patient or partner data is transported or stored on the network. The CISO must be involved in ensuring the identification of portions of the network that are subject to compliance regulations. CISOs are responsible for validating that the appropriate data protection mechanisms are in place wherever this data travels through the network.
Dig Deeper on Information security certifications, training and jobs
Related Q&A from Andrew Froehlich
Migrating to UCaaS doesn't mean organizations need to leave legacy hardware behind. But organizations must ensure UC devices are compatible with ... Continue Reading
Cost, complexity and interoperability issues with existing network components are some of the weaknesses of SD-WAN that organizations need to ... Continue Reading
A migration from WPA2 to WPA3 is not simple. Organizations may need to update their hardware extensively to accommodate the newer Wi-Fi encryption ... Continue Reading