10.1184/R1/6584423.v1
Julia H. Allen
Gregory Crabb
Pamela D. Curtis
Brendan Fitzpatrick
Nader Mehravari
David Tober
Structuring the Chief Information Security Officer Organization
Carnegie Mellon University
2015
Cyber Risk and Resilience Management
2015-10-01 00:00:00
Report
https://kilthub.cmu.edu/articles/report/Structuring_the_Chief_Information_Security_Officer_Organization/6584423
<p>Chief Information Security Officers (CISOs) are increasingly finding that the tried-and-true, traditional information security strategies and functions are no longer adequate for today’s expanding and dynamic cyber risk environment. Many opinions and publications propose a wide range of functions that a CISO organization should be responsible for governing, managing, and performing. How does a CISO make sense of these functions and select the ones most applicable to their business mission, vision, and objectives?</p>
<p>This report describes how the authors defined a CISO team structure and its functions for a large, diverse U.S. national organization, using input from CISOs, policies, frameworks, maturity models, standards, codes of practice, and lessons learned from major cybersecurity incidents.</p>