Structuring the Chief Information Security Officer Organization
April 2016 • Webinar
This webinar described a CISO organizational structure and functions for a typical large, diverse organization using input from CISOs, policies, frameworks, maturity models, standards, and codes of practice.
Software Engineering Institute
Chief Information Security Officers (CISOs) are increasingly finding that the tried-and-true, traditional information security strategies and functions are no longer adequate when dealing with today’s increasingly expanding and dynamic cyber risk environment. Many opinions and publications express a wide range of functions that a CISO organization should be responsible for governing, managing, and performing. How does a CISO make sense of these functions and select the ones that are most applicable for their business mission, vision, and objectives?
This webinar describes a CISO organizational structure and functions for a typical large, diverse organization using input from CISOs, policies, frameworks, maturity models, standards, codes of practice, and lessons learned from major cybersecurity incidents.
- Understand a structured approach for developing and evaluating a CISO organization structure
- Be able to demonstrate the extent to which your CISO structure addresses widely accepted cybersecurity frameworks and standards
- Consider using this structure to identify coverage, gaps, and areas of improvement