For those who are new to the role of Chief Information Security Officer (CISO), or who want to learn what a CISO does and whether their company should have one, 90 Days: A CISO’s Journey to Impact: Define Your Role is an excellent short-read introduction.
The CISO position has become critical to all organizations’ success. The book lists 12 questions that a CISO must consider, including the basic three questions: what must be protected, what must it be protected from, and what tools are available to do so. A CISO MUST make the people in the organization part of the plan, because so often they are responsible for the breaches that happen.
A CISO must be adaptive. The idea of perimeter security is going by the wayside with cloud solutions. One CISO is quoted as saying that CISOs are often looking for threats that they don’t know about yet and it’s like “being in charge of defending a medieval castle and suddenly finding that you are under attack by paratroopers.”
As attack methods continue to evolve, so must the role of the CISO.