- Brenda L. Horrigan, Managing Editor
A single, definitive explanation of the chief information security officer role does not exist, at least not yet. For many years, CISO responsibilities were part of the job portfolio of some senior exec or, more likely, a senior member of the IT department. But that's changing, and fast. Why? Cyber intrusions involving massive theft of information and intellectual property, and the rise of new exploitation methods, including ransomware, advanced persistent threats and insider threats, to name just a few. These and other developments -- not the least of which is the internet of things and its impact on corporate information security -- are raising awareness of the central importance of information security.
This puts the CISO role in the spotlight in a way not seen before. It's been a while since companies began to move their CISOs out of the IT department and into the C-suite, putting them on par with CIOs, but not all corporations have followed suit. Now, though, the need for an executive-level security person is becoming increasingly obvious.
The chief information security officer role is rapidly maturing from being IT-centric to becoming an integral part of a holistic risk management framework with access to the highest levels of the organization. This relatively recent evolution makes the chief information security officer role a complex one, and not easy to fill. It requires advanced technological knowledge, business acumen, and a set of cybersecurity skills that needs constant updating. The new edition of our quarterly Information Security magazine supplement examines the job of CISOs in its latest iteration and delves into closely related issues, such as the difficulty of finding the combination of security and IT skills desperately needed now.