Software Engineering Institute | Carnegie Mellon University

Technical Note

Structuring the Chief Information Security Officer Organization

  • Abstract

    Chief Information Security Officers (CISOs) are increasingly finding that the tried-and-true, traditional information security strategies and functions are no longer adequate when dealing with today’s increasingly expanding and dynamic cyber risk environment. Many opinions and publications express a wide range of functions that a CISO organization should be responsible for governing, managing, and performing. How does a CISO make sense of these functions and select the ones that are most applicable for their business mission, vision, and objectives?

    This report describes how the authors defined a CISO team structure and functions for a large, diverse U.S. national organization using input from CISOs, policies, frameworks, maturity models, standards, codes of practice, and lessons learned from major cybersecurity incidents.

Cite This Report

SEI

Allen, Julia; Crabb, Gregory; Curtis, Pamela; Fitzpatrick, Brendan; Mehravari, Nader; & Tobar, David. Structuring the Chief Information Security Officer Organization. . Software Engineering Institute, Carnegie Mellon University. 2015. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=446186

IEEE

Allen. Julia, Crabb. Gregory, Curtis. Pamela, Fitzpatrick. Brendan, Mehravari. Nader, and Tobar. David, "Structuring the Chief Information Security Officer Organization," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Note , 2015. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=446186

APA

Allen, Julia., Crabb, Gregory., Curtis, Pamela., Fitzpatrick, Brendan., Mehravari, Nader., & Tobar, David. (2015). Structuring the Chief Information Security Officer Organization (). Retrieved May 23, 2017, from the Software Engineering Institute, Carnegie Mellon University website: http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=446186

CHI

Julia Allen, Gregory Crabb, Pamela Curtis, Brendan Fitzpatrick, Nader Mehravari, & David Tobar. Structuring the Chief Information Security Officer Organization (). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2015. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=446186

MLA

Allen, Julia., Crabb, Gregory., Curtis, Pamela., Fitzpatrick, Brendan., Mehravari, Nader., & Tobar, David. 2015. Structuring the Chief Information Security Officer Organization (Technical Report ). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=446186

BibTex

@techreport{AllenStructuringthe2015,
title={Structuring the Chief Information Security Officer Organization},
author={Julia Allen and Gregory Crabb and Pamela Curtis and Brendan Fitzpatrick and Nader Mehravari and David Tobar},
year={2015},
institution={Software Engineering Institute, Carnegie Mellon University},
address={Pittsburgh, PA},
url={http://resources.sei.cmu.edu/library/asset-view.cfm?AssetID=446186} }