A new professional profile is emerging in the information security market. What sets it apart is its role in the company's digital and physical security.
Becoming a successful executive, a so-called C-Level, one of those who call the shots, has been the desire or main target of many professionals in the technology area who, in their climb up the corporate mountain, aim for the highest points in the chain, such as CTO (Chief Technology Officer), CIO (Chief Information Officer) and CISO!? Oops, CISO? That's right, you read it right: CISO (Chief Information Security Officer).
In the constant search for final customer satisfaction, it was common to find a CTO and a CIO in the same organization with different, or at times conflicting, roles; after all, they aim at the same thing: a satisfied end customer. While there are many ways to distinguish them in the corporate ecosystem, in traditional situations we say that the CTO focuses on the "external customer," while the CIO maintains an internal focus.
CISO and its role in IT
However, our subject here is the CISO: why has it stood out more and more in the IT habitat?
The CISO is the one who controls information security issues in an organization and is responsible for safeguarding anything related to digital information. Although until recently we knew only the CSO (Chief Security Officer), the CISO came to complement the security range, not limited to the digital world and its guts, but also dealing with the company's physical security. Obviously, the CISO's way of working is far from the police modus operandi, but it still keeps the same tough attitude and unsmiling face of someone who protects something.
The CISO maintains information security within the most rigorous standards and best market practices, making use of special hardware, software and highly secure business processes. The role is not restricted to keeping the computing environment secure; it also creates, implements, and communicates information security policies and procedures throughout the organization. In case of a confidentiality breach, the CISO must act and lead during the emergency, with an established business continuity plan (BCP) that is, above all, approved and known throughout the organization.
CISO vs. Information Security Crisis
At a moment of crisis in the information security area, it is the CISO who manages the crisis and identifies possible solutions, ensuring that order and integrity are restored to the computing environment and to all the services it provides.
Although in the more traditional schools the CISO still reports to the CIO, it has been increasingly common for the CISO to be part of a parallel organization, distinct from technology, with a direct reporting line to the organization's main executive, precisely to guarantee the impartiality and even-handedness of its actions. The CISO is then free of any arbitration the CIO may exert over its work, especially during audits or critical incidents involving the leakage of sensitive information from the company and/or third parties.
As an example, we can cite the recent data leak from Ashley Madison, an "infidels and adulterers" site, which had all the information of its 37 million users worldwide posted on the internet.
If you have been impressed by IT or information security and want to be part of this select C-Level Dream Team of executives, know that there is a long road of certifications to tackle. Be sure to include the Certified Information Systems Security Professional (CISSP), administered by the International Information Systems Security Certification Consortium (ISC²®), which is a must-have certificate for any CISO candidate. And good luck!!!
Aluisio Andrade is Operations and Services Director at Nap IT
aluisio.andrade@napit.com.br