WEEK 10 TERM PAPER
“The Rookie Chief Information Security Officer”
Bradford Daniels
Professor Steven Brown
SEC 402
17 March 2013
1. a. Create an Organization Chart in which you
DANIELS INC CLOUD COMPUTING ORGANIZATIONAL CHART
i. Illustrate the roles that will be required to ensure design, evaluation, implementation, and management of security programs for the organization.
The CISO is the executive responsible for the organization's entire security posture, both physical and digital. CISOs also frequently own or participate closely in related areas such as business continuity planning, loss prevention and fraud prevention, and privacy.
CISO Responsibilities:
Lead operational risk management activities to enhance the value of the company and brand.
Oversee a network of security directors and vendors who safeguard the company's assets, intellectual property and computer systems, as well as the physical safety of employees and visitors.
Identify protection goals, objectives and metrics consistent with the corporate strategic plan.
Work with other executives to prioritize security initiatives and spending based on appropriate risk management and/or financial methodology.
Maintain relationships with local, state and federal law enforcement and other related government agencies.
Oversee incident response planning as well as the investigation of security breaches, and assist with disciplinary and legal matters associated with such breaches as necessary.
Work with outside consultants as appropriate for independent security audits.
The CSO title is also used at some companies to describe the leader of the "corporate security" function, which includes the physical security and safety of employees, facilities and assets.
Members of the Information Security Team assist the CISO with design, evaluation, implementation, and management of security programs for the organization.
ii. Within your organizational chart, clearly