Carnegie Mellon University
Browse
- No file added yet -

Structuring the Chief Information Security Officer Organization

report
posted on 2015-10-01, 00:00 authored by Julia H Allen, Gregory Crabb, Pamela D Curtis, Brendan Fitzpatrick, Nader Mehravari, David Tober

Chief Information Security Officers (CISOs) are increasingly finding that the tried-and-true, traditional information security strategies and functions are no longer adequate when dealing with today’s increasingly expanding and dynamic cyber risk environment. Many opinions and publications express a wide range of functions that a CISO organization should be responsible for governing, managing, and performing. How does a CISO make sense of these functions and select the ones that are most applicable for their business mission, vision, and objectives?

This report describes how the authors defined a CISO team structure and functions for a large, diverse U.S. national organization using input from CISOs, policies, frameworks, maturity models, standards, codes of practice, and lessons learned from major cybersecurity incidents.

History

Date

2015-10-01

Usage metrics

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC