CISO Job Functions

A chief information security officer (CISO) is the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. [Wikipedia].

The CISO is a key position in an organization and reports directly to either the CIO or the CEO. What are the primary job responsibilities of a CISO? The mind map below (reproduced here as a text outline) gives a holistic view of the different job responsibilities the CISO role should cover.

Selling Information Security Internally
  • Value creation
  • Aligning with organization strategy
  • Management Involvement
Finance
  • Business Case
  • ROI Analysis
  • Budgeting
Architecture
  • Network architecture/segmentation
  • Application architecture
  • Remote access/VPN
  • Encryption
  • Authentication
  • Mobility
  • Public/Private/Hybrid Cloud
  • Backup
Governance
  • Roles and responsibilities assignment
  • Resource management
  • Key Performance Indicators (KPIs)
  • Effective reporting
Security Operations - focusing on the triad of people, process and technology.
  Detection
    1. SIEM/log management
    2. IDS
    3. Endpoint Protection/Antivirus
    4. DLP
    5. Netflow
    6. Honeypots
    7. Threat Intelligence/Analysis
    8. Network behavior analysis
    9. Vulnerability lifecycle management
    10. Penetration Test
  Prevention
    1. Firewall
    2. IPS
    3. WAF
    4. Identity Management
    5. Anti-Spam
    6. Sandboxing
    7. Anti-Malware
    8. Content Filtering
    9. Software Updates/Patches
    10. DDoS Protection
    11. Hardening
    12. Encryption
    13. PKI
  Incident Management
    1. Incident Identification
    2. Containment
    3. Remediation & Recovery
    4. Forensic Analysis
    5. Identity Management
Accounts management
  • Single sign-on / Two-factor authentication
  • Active Directory/LDAP management
  • Role-based access
  • BYOD
  • E-commerce sites
  • Mobile applications
Risk Management
  • Risk assessment methodology
  • Risk identification
  • Risk analysis
  • Risk evaluation
  • Risk mitigation/treatment
  • Risk monitoring
Human Resources Management
Compliance
  • PCI
  • SOX
  • HIPAA
  • Follow industry specific compliance needs
Project Delivery
  • Requirement analysis
  • Planning
  • Implementation
  • Testing/Monitoring
  • Certifications & Accreditation

The pointers above can be used by CIOs and IS managers for planning and tracking the overall security needs of an organization.
