The title “Chief Information Security Officer” (CISO) is relatively new in industry, and because of this, there is a lack of institutionalized support. By that we mean that many organizations are still discovering what exactly a CISO does and how to be good partners to them. Readers of this book are already aware that the demand for talented CISOs is much greater than the supply and that the turnover rate is high. As we become more digitally interconnected, companies, indeed whole industries, that didn’t believe they needed a strong information security program in the past are now forced to play catch-up.
This book, “CISO Desk Reference Guide, Volume 1,” is conceived as a practical guide for CISOs. Volume 1 is intended to be foundational and covers the key elements that new or experienced Chief Information Security Officers need to address when inheriting an immature cybersecurity program or building a new cybersecurity program. Our expectation is that Chief Technology Officers (CTOs) and Chief Information Officers (CIOs), along with their colleagues in the C-suite, can also benefit from reading this book and will become better partners to the CISO as a result.
In this volume, we address where we believe the CISO should report to be most effective, and then provide practical advice on regulatory, compliance, and audit concerns; the importance of knowing what data you have and where it is stored; and the criticality of your third-party risk management program. We then walk the reader through creating a metrics program and communicating with C-suite colleagues and the board. The first volume concludes by looking at risk management, including the emerging requirement to manage cyber liability insurance; approaches to managing the processes and tools in your portfolio; and setting up a security policy framework that will act as the underpinning for your program.
So now, let’s turn to the role of the CISO and the fundamental elements of a successful cybersecurity program.
Copyright © 2016 CISO DRG JV – All Rights Reserved.