What is a CISO and what is their role in an organisation?

Cyber crime is on the rise, with cyber attacks and data breaches costing companies around the world millions. According to the 2019 Cost of Data Breach Report from Ponemon Institute and IBM Security, the global cost of data breaches in 2021 is expected to reach $6 trillion annually.

The evolution of the digital landscape in the business world has created an avenue for criminals to target organizations and their sensitive data from anywhere in the world. Security breaches have become a common occurrence, with only the biggest being reported in the news. Because of this, organizations and governments around the world have made cybersecurity a critical function in their day-to-day operations, and have started hiring security professionals whose focus is on information security and cybersecurity at large.

Who is a Chief Information Security Officer (CISO)? 

Chief information security officers are the guardians of an organization’s information and data security. They are responsible for the entirety of an organization’s information security posture and for defending it against potential threats.

What is the role of a CISO? 

To perform their role effectively, Chief Information Security Officers (CISOs) require a multitude of technical and soft skills, such as the ability to make quick decisions, to lead, to communicate effectively and to build relationships. Additionally, CISOs must adapt in order to keep pace with the cyber threat landscape and new technologies, constantly learning on the job and picking up new skills. In this ever-shifting cyber world, great CISOs need innovation and imagination to create and deliver cyber security strategies for their organisations.

Chief Security Officers (CSO) vs Chief Information Security Officers (CISO)

There is a common misconception that chief security officer and chief information security officer are interchangeable terms. Although the title of chief security officer can mean different things in different organizations, it generally encompasses responsibility for an organization’s information security as well as its corporate security, i.e. the physical security of employees and assets. On the other hand, CISO is a term used to describe an individual in an organization whose sole focus is information security rather than corporate security.

The Responsibilities of a CISO

Larger organizations can usually afford a dedicated CISO role in their hierarchy; small to medium organizations, however, may delegate the roles and responsibilities of a CISO to a chief information officer or chief technology officer.

Below is a list of common responsibilities associated with a chief information security officer:

Security operations - analysing potential threats and triaging those that evolve into security incidents.

Cyber threat intelligence - staying up to date with emerging external threats that have the potential to impact business operations, as well as researching threats that could arise from business moves such as mergers or acquisitions, and communicating this intelligence effectively to the board of the organization.

Fraud prevention and data loss - monitoring employee activity to make sure that data isn’t being misused or stolen.

Upkeep of security infrastructure - researching and investing in security hardware that enhances IT and network security, and ensuring that this security is designed with best practices in mind.

Identity and access management - managing privileged access and permissions for users, accounts, processes, and systems across the IT environment.

These are just a few examples of the many tasks that chief information security officers are responsible for. Given the impact a cyber attack or data breach can have on an organization’s wellbeing, the importance of having an individual oversee the cybersecurity of an organization cannot be overstated. Organizations need to prioritise a strong cybersecurity strategy and hire an individual responsible for implementing it.
