The role of the Chief Information Security Officer has evolved enormously in recent years in response to security threats and a challenging business environment. Instead of being primarily a master technician, today’s CISO has to be a trusted advisor to senior management.
The Changing Role of the Information Security Officer
The CISO has overall responsibility for corporate security strategy, but today’s CISO has to be in the business of managing information, not just securing it. The successful CISO needs to have excellent communication and presentation skills, and to demonstrate keen business acumen.
The serious and ever-changing nature of today’s security threats demand a strategic-minded response, and a successful CISO will always be thinking about how to gain business objectives through enabling technology while properly managing risk.
This pocket guide emphasises the importance of a suitable information security management system (ISMS) and the risk management methodolgy that should be at its heart.
Read this pocket guide and …
- Learn how the role of a CISO has changed.
-
Today’s CISO must be integrated into all aspects of the business and have a full understanding of its strategy and objectives.
- Understand the importance of a risk management methodology.
-
A good risk management methodology must take into account the special information security needs of the company as well as legal and regulatory requirements.
- Learn how to establish a successful ISMS.
-
The guide explains how to design and implement an ISMS that is appropriate for the organisation. It also describes the key management system processes that should be included in an ISMS.
-
Chief Information Security Officers are bombarded with huge challenges every day, from recommending security applications to strategic thinking and business innovation. This guide describes the hard and soft skills that a successful CISO requires: not just a good knowledge of information security, but also attributes such as flexibility and communication skills.
This guide explains the changing goals of an information security department … buy it now and learn the secrets of being a successful CISO!
About the authors
Barry Kouns is a security and risk management expert with over 25 years of experience in information security consulting, risk assessment and quality management. Barry formed and operates SQM-Advisors, an information security, risk assessment and IT service management firm that has led eight organisations to ISO/IEC 27001:2005 certification. He is frequently quoted in magazines and news articles on information security and has held the position of Trainer for the British Standards Institute (BSI). He holds a BS in Statistics and an MS in Industrial Engineering Management. Barry has earned the CISSP designation and is a trained ISO/IEC/27001 Lead Auditor and ISMS Implementer, and is ITIL Foundation certified.
Jake Kouns has an MBA with a concentration in Information Security from James Madison University. He holds a number of certifications including CISSP, CISM, CISA and CGEIT. He is currently Director of Cyber Security and Technology Risks Underwriting for Markel Corporation, a specialty insurance company. He has presented at many well-known security conferences including RSA, CISO Executive Summit, EntNet IEEE GlobeCom, CanSecWest, and SyScan. He is the co-author of Information Technology Risk Management in Enterprise Environments, and has also been interviewed numerous times as an expert in the security industry. Jake is the co-founder, CEO, and CFO of the Open Security Foundation (OSF), a non-profit organisation that oversees the operations of the Open Source Vulnerbility Database (OSVDB.org) and DataLossDB.
Author: Barry Kouns and Jake Kouns
Publisher: IT Governance Publishing
ISBN: 9781849281836
Pages: 74
Format: Adobe eBook
Published date: 28 April 2011
Availability: Always Available