CISO: what is a CISO and what are the functions of the Chief Information Security Officer?

Aug 25, 2023

30/08/2023

Teleworking has led to a surge in cyber threats. The latest ENISA (European Union Agency for Cybersecurity) report lists the eight most frequent in 2022: ransomware, malware, social engineering, data threats, availability threats (denial of service), internet availability threats, misinformation/misuse of information and supply chain attacks.

Because of this increase, in 2022, 62% of companies in Spain invested more budget to strengthen teams, equipment and solutions in this area, according to a study by Deloitte. In line with this rise in cybersecurity, the role of the people responsible for protecting devices and information from threats and attacks has gained relevance. Among the management positions and acronyms (CEO, CIO, CFO…, a group known as the C-suite), the CISO (Chief Information Security Officer), also known as CSO or vice president of security, is the top security officer: he or she is responsible for defining and executing the overall IT security strategy.

While the role of a Chief Information Security Officer will vary between organisations, as a senior executive he or she oversees everything related to technology risk, from management to incident response, forensics to remote workforce protection. The role is crucial to the organisation, and the CISO interacts with senior management to keep them up to date on incidents, cyber trends, ROI and many other issues through reporting.

This is a person with great communication skills, as he/she has to explain complex concepts to the other executives, and is a bridge between them and the engineers. He or she must advise them so that they can make the best decisions based on this information and know how to show them the value of the company’s data. Thus, CISOs are always informed of the latest research in cybersecurity in order to be able to make recommendations on the strategy to be followed by the company in this area.

In the event of an attack on the company, it is up to the CISO to indicate how to proceed and initiate the recovery process in order to minimise damage and economic losses. He or she works together with the CIO (chief information officer) and they share responsibilities, such as ensuring the security of an organisation and protecting its assets, to integrate infrastructures such as firewalls, backups, data access control… The difference between the two is that the CIO's objective is to provide services that facilitate productivity (they seek efficiency), while the CISO focuses on compliance with security practices, so that those services are provided in a secure way. In line with the times and technological changes, the role of the CISO has evolved over the years from a profile associated with technical risk to a business driver.

A CISO usually works in large companies. Individuals in this role are also responsible for recruiting security professionals to build teams to develop and implement strategic plans.

These are some of the most common roles and responsibilities of a Chief Information Security Officer:

In addition to a strong technical background (with relevant certifications, such as CISSP or CISM), the CISO job requires attributes or soft skills, such as strategic thinking, excellent communication, the ability to work (and remain calm) under pressure, and strong leadership, analytical and problem-solving skills.

Increasingly, the CISO is turning to artificial intelligence and machine learning to protect and defend the enterprise. At the same time, he or she must deal with the most powerful vulnerabilities and attacks (malware, phishing emails, impersonating a person…) that this same technology facilitates for cybercriminals.
