Chief information security officer

A chief information security officer (CISO) is a senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO directs staff in identifying, developing, implementing, and maintaining processes across the enterprise to reduce information and information technology (IT) risks. They respond to incidents, establish appropriate standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures. The CISO is also usually responsible for information-related compliance (e.g. supervises the implementation to achieve ISO/IEC 27001 certification for an entity or a part of it). The CISO is also responsible for protecting proprietary information and assets of the company, including the data of clients and consumers. CISO works with other executives to make sure the company is growing in a responsible and ethical manner. Typically, the CISO's influence reaches the entire organization. Responsibilities may include, but not be limited to: Computer emergency response team/computer security incident response team Cybersecurity Disaster recovery and business continuity management Identity and access management Information privacy Information regulatory compliance (e.g., US PCI DSS, FISMA, GLBA, HIPAA; UK Data Protection Act 1998; Canada PIPEDA, Europe GDPR) Information risk management Information security and information assurance Information security operations center (ISOC) Information technology controls for financial and other systems IT investigations, digital forensics, eDiscovery Having a CISO or an equivalent function in organizations has become standard practice in business, government, and non-profits organizations. By 2009, approximately 85% of large organizations had a security executive, up from 56% in 2008, and 43% in 2006 .