Chief Information Security Officer: A Role in Rapid Evolution

The role of the chief information security officer (CISO) has changed profoundly over the years, from IT security management to high-level risk management. Today a CISO is a crucial figure for any organization — a company executive responsible for establishing and maintaining a firm's security strategy. CISOs coordinate internal experts in an effort to identify threats and vulnerabilities, and find ways to mitigate IT risk.

Many large enterprises still fail to implement and maintain effective security programs, resulting in serious repercussions for their businesses. According to TechTarget, Target and JPMorgan Chase are just two examples of Fortune 500 companies that didn't have CISOs, and have fallen victim to major data breaches that caused millions in losses. In response to the rapid evolution of cyberthreats, many companies are completely reviewing their approaches to cybersecurity, opting to allocate more resources to the protection of their digital assets, and assigning CISOs the responsibility of managing and reducing risk.

To help CISOs navigate their changing role, Veracode created The New CISO's Tool Kit. The kit includes whitepapers, infographics and Gartner research reports that speak to the challenges CISOs must overcome to be successful. While new CISOs are encouraged to download the tool kit and spend time with its resources, here's a high-level overview of its contents, and some key takeaways.

Proving Value Through Planning and Strategy

According to Gartner's "The Chief Information Security Officer's First 100 Days," one of the many resources the kit contains, the first 100 days of a CISO's position are crucial, as they help build the foundation on which the rest of his/her career is built. This is the time when CISOs start proving their value to the organization, the report says, and it's important that they pull security into the conversation and interface with other C-suite execs on a strategic level.

But where does a new CISO start in tackling that formidable task? According to Gartner, "Proper preparation, assessment, planning, acting, measuring and above all, communicating can greatly enhance your chance of success. [The report] highlights the key activities that focus on critical issues, and provides actions and resources to help you achieve your intended outcomes."

CISOs joining new organizations need to create a strategy that integrates security into the culture and processes of an organization and reduces risk. "Five Steps to Prepare for a Vulnerability Disclosure," another key whitepaper in the tool kit, is a guide designed to help security professionals prepare for high-profile vulnerability disclosures so their organizations can respond with the right level of urgency.

In the whitepaper, Veracode suggests firms take a "five-step approach to creating a vulnerability response program," identifying the teams, protocols, priority levels, frameworks and procedures necessary to help tackle any disclosure. The principal task for a CISO and his staff is the creation of procedures for responding to each priority level.

CISO Skill Sets

"Develop the Skills of the Contemporary CISO," another resource in the tool kit, explains how chief information security officers have to integrate their information security disciplines with nontraditional CISO skills such as business knowledge, communication and strategic planning. But a CISO also needs a clear view on the economic impact of the lack of organizational security. The document "Why Application Security is a Business Imperative" provides interesting elements that could help contemporary CISOs explain to C-level executives that security is an investment characterized by a significant ROI.

In the face of the dynamic threat landscape, the role of the chief information security officer is always evolving. CISOs must be able to secure their organizations' resources by adopting new paradigms (e.g., mobile, cloud computing and social networking), communicating with their fellow C-suite executives and relying on their diverse skill sets to enact change.

Want to learn more about navigating the ever-changing CISO role? Download Veracode's New CISO Tool Kit.

Photo Source: MorgueFile

About Pierluigi Paganini

Pierluigi Paganini is Chief Information Security Officer at Bit4Id, Editor-in-Chief at "Cyber Defense Magazine," a member of the DarkReading Editorial team, and a regular contributor for major publications in the cyber security field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, and The Hacker News Magazine.
