While doing some research about CISO function, noticed a very good MindMap created by Rafeeq Rehman.
While what he has come up with is mindmap, I will try to deconstruct this mindmap to elaborate more about the various functions performed by CISO.
Let's begin:
While what he has come up with is mindmap, I will try to deconstruct this mindmap to elaborate more about the various functions performed by CISO.
Let's begin:
- Business Enablement
- Security Operations
- Selling Infosec (internally)
- Compliance and Audit
- Security Architecture
- Project Delivery lifecycle
- Risk Management
- Governance
- Identity Management
- Budget
- HR and Legal
So why I numbered them and in the order?
I believe Business Enablement is the most important function of a CISO. If (s)he doesn't know the business where (s)he operates, it will be a very difficult job to continue his duties as CISO. Consider a person coming from a technology background with no knowledge of Retail Business. If that person is hired as a CISO because (s)he knows the technology, that may not be a good deal. The only reason to become a successful CISO, one must know which business he is involved in. To understand the security function, he must understand the business climate.
If this retail business has a requirement of storing credit card information into their systems, CISO's job is to make sure appropriate PCI-DSS controls are in place so the data doesn't get into the wrong hands. While at the same time, making sure that PCI-DSS is not coming into the way of enabling the business to accept credit cards transactions. Yes, security is a requirement but not at the cost of not doing business.
That's why I rate business enablement as a very important function as a CISO.
If this retail business has a requirement of storing credit card information into their systems, CISO's job is to make sure appropriate PCI-DSS controls are in place so the data doesn't get into the wrong hands. While at the same time, making sure that PCI-DSS is not coming into the way of enabling the business to accept credit cards transactions. Yes, security is a requirement but not at the cost of not doing business.
That's why I rate business enablement as a very important function as a CISO.
What are some of the way CISO can enable business to adopt technology and still not come in their way?
- Cloud Computing
- Mobile technologies
- Internet of things
- Artificial Intelligence
- Data Analytics
- Crypto currencies / Blockchain
- Mergers and Acquisitions
We will review each of these items in details in the following blog posts.
