What is a CISO?

A Chief Information Security Officer (CISO) is a senior-level executive within an organization responsible for establishing and maintaining the vision, strategy, policy, compliance, and program to ensure information assets and technologies are properly protected and legal requirements with regard to data and network security are met.

What does a CISO do?

A CISO works alongside company executives, managers, cybersecurity teams, and IT teams to coordinate cybersecurity strategy, policy, and response. The CISO reports to the CEO and/or the Board. An important part of a CISO's role is reporting on the state of the organization's cybersecurity defenses, weaknesses, and strategy: mapping out all of the known vulnerabilities while also owning the Incident Response Plan. Having the right Board and CEO reports is critical to managing and executing this job function. The CISO also typically takes responsibility for setting and managing the cybersecurity budget.

An Overview of CISO Role and Responsibilities

  1. Security operations
  2. Cyber Risk and Cyber Threat Intelligence
  3. Data loss and fraud prevention
  4. Security Roadmap and Architecture
  5. Identity and Access Management (IAM)
  6. Cybersecurity Program management
  7. Governance and Compliance
  8. Board Reporting

See Also:

  1. CISO Board Report
  2. Board Report Slide Template
  3. Reporting Cybersecurity to the Board
