The Role of the CISO
Ron Baklarz, CISSP, CISA, CISM, NSA-IAM/IEM
**Warning: sexually graphic content and subject matter**
Topics: Internal Factors Affecting the CISO Role; Top 10 Coolest Information Security Jobs; What Makes a Good CISO?; Corporate culture; To Whom does the CISO report?
The Top 10 of the 20 Coolest Jobs in Information Security
“Key responsibilities of a CSO include asset management, security assessments, development of a security strategy and risk management plan, certification and audit. In a nutshell, the CSO manages risks for the organization and advises senior management about risks to the business and recommends a treatment for the risk.”
What makes a good CISO?
- The ability to affect change.
- An understanding of how business processes and information interact.
- An understanding of the technologies used in your organization.
- An understanding of legal and compliance issues.
Titles: CISO, CSO, CRO, ISSO, Director, Manager
Reports To: CIO, CFO, CRO, CEO, CTO
Never realized convergence of physical and logical security
Chronology of Data Breaches
- Started in 2005 subsequent to the ChoicePoint breach
- 263,674,426 records compromised
What is DLP?
“Attachments F and G are screenshots from direct access to PC xxx.xxx.xxx.xxx and specifically the ‘My Pictures/Pics’ folder. The details of this folder show that there are 49 subfolders with a total of over 1,300 mostly pornographic images of different women compartmentalized on a by-folder basis.”
Excerpt from investigative report CISO.2007.155 dated October 1, 2007
Q & A