

Most organizations, no matter the size or operational environment (government or industry), employ a senior leader responsible for information security and cybersecurity. In many organizations, this role is known as chief information security officer (CISO) or director of information security. CISOs and others in this position increasingly find that traditional information security strategies and functions are no longer adequate when dealing with today's expanding and dynamic cyber-risk environment. Publications abound with opinions and research expressing a wide range of functions that a CISO organization should govern, manage, and perform. Making sense of all this and deciding on an approach that is appropriate for your specific organization's business, mission, and objectives can prove challenging.

In this blog post, we present recent research on this topic, including a CISO framework for a large, diverse, U.S. This framework is the product of interviews with CISOs and an examination of policies, frameworks, maturity models, standards, codes of practice, and lessons learned from cybersecurity incidents. In exploring the role of CISO, our team of researchers at the SEI's CERT Division explored the expanding operational risk environment with respect to IT operations, cybersecurity, business continuity, and disaster recovery.
